//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2024 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

#if canImport(FoundationEssentials)
import FoundationEssentials
#else
import Foundation
#endif
@_spi(SotoInternal) import SotoCore

extension Macie2 {
    // MARK: Enums

    public enum AdminStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case disablingInProgress = "DISABLING_IN_PROGRESS"
        case enabled = "ENABLED"
        public var description: String { return self.rawValue }
    }

    public enum AllowListStatusCode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case ok = "OK"
        case s3ObjectAccessDenied = "S3_OBJECT_ACCESS_DENIED"
        case s3ObjectEmpty = "S3_OBJECT_EMPTY"
        case s3ObjectNotFound = "S3_OBJECT_NOT_FOUND"
        case s3ObjectOversize = "S3_OBJECT_OVERSIZE"
        case s3Throttled = "S3_THROTTLED"
        case s3UserAccessDenied = "S3_USER_ACCESS_DENIED"
        case unknownError = "UNKNOWN_ERROR"
        public var description: String { return self.rawValue }
    }

    public enum AllowsUnencryptedObjectUploads: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case `false` = "FALSE"
        case `true` = "TRUE"
        case unknown = "UNKNOWN"
        public var description: String { return self.rawValue }
    }

    public enum AutoEnableMode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case all = "ALL"
        case new = "NEW"
        case none = "NONE"
        public var description: String { return self.rawValue }
    }

    public enum AutomatedDiscoveryAccountStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case disabled = "DISABLED"
        case enabled = "ENABLED"
        public var description: String { return self.rawValue }
    }

    public enum AutomatedDiscoveryAccountUpdateErrorCode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accountNotFound = "ACCOUNT_NOT_FOUND"
        case accountPaused = "ACCOUNT_PAUSED"
        public var description: String { return self.rawValue }
    }

    public enum AutomatedDiscoveryMonitoringStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case monitored = "MONITORED"
        case notMonitored = "NOT_MONITORED"
        public var description: String { return self.rawValue }
    }

    public enum AutomatedDiscoveryStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case disabled = "DISABLED"
        case enabled = "ENABLED"
        public var description: String { return self.rawValue }
    }

    public enum AvailabilityCode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case available = "AVAILABLE"
        case unavailable = "UNAVAILABLE"
        public var description: String { return self.rawValue }
    }

    public enum BucketMetadataErrorCode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accessDenied = "ACCESS_DENIED"
        case bucketCountExceedsQuota = "BUCKET_COUNT_EXCEEDS_QUOTA"
        public var description: String { return self.rawValue }
    }

    public enum ClassificationScopeUpdateOperation: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case add = "ADD"
        case remove = "REMOVE"
        case replace = "REPLACE"
        public var description: String { return self.rawValue }
    }

    public enum Currency: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case usd = "USD"
        public var description: String { return self.rawValue }
    }

    public enum DataIdentifierSeverity: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case high = "HIGH"
        case low = "LOW"
        case medium = "MEDIUM"
        public var description: String { return self.rawValue }
    }

    public enum DataIdentifierType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case custom = "CUSTOM"
        case managed = "MANAGED"
        public var description: String { return self.rawValue }
    }

    public enum DayOfWeek: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case friday = "FRIDAY"
        case monday = "MONDAY"
        case saturday = "SATURDAY"
        case sunday = "SUNDAY"
        case thursday = "THURSDAY"
        case tuesday = "TUESDAY"
        case wednesday = "WEDNESDAY"
        public var description: String { return self.rawValue }
    }

    public enum EffectivePermission: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case `public` = "PUBLIC"
        case notPublic = "NOT_PUBLIC"
        case unknown = "UNKNOWN"
        public var description: String { return self.rawValue }
    }

    public enum EncryptionType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case aes256 = "AES256"
        case awsKms = "aws:kms"
        case awsKmsDsse = "aws:kms:dsse"
        case none = "NONE"
        case unknown = "UNKNOWN"
        public var description: String { return self.rawValue }
    }

    public enum ErrorCode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case clientError = "ClientError"
        case internalError = "InternalError"
        public var description: String { return self.rawValue }
    }

    public enum FindingActionType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case awsApiCall = "AWS_API_CALL"
        public var description: String { return self.rawValue }
    }

    public enum FindingCategory: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case classification = "CLASSIFICATION"
        case policy = "POLICY"
        public var description: String { return self.rawValue }
    }

    public enum FindingPublishingFrequency: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case fifteenMinutes = "FIFTEEN_MINUTES"
        case oneHour = "ONE_HOUR"
        case sixHours = "SIX_HOURS"
        public var description: String { return self.rawValue }
    }

    public enum FindingStatisticsSortAttributeName: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case count = "count"
        case groupKey = "groupKey"
        public var description: String { return self.rawValue }
    }

    public enum FindingType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case policyIamuserS3Blockpublicaccessdisabled = "Policy:IAMUser/S3BlockPublicAccessDisabled"
        case policyIamuserS3Bucketencryptiondisabled = "Policy:IAMUser/S3BucketEncryptionDisabled"
        case policyIamuserS3Bucketpublic = "Policy:IAMUser/S3BucketPublic"
        case policyIamuserS3Bucketreplicatedexternally = "Policy:IAMUser/S3BucketReplicatedExternally"
        case policyIamuserS3Bucketsharedexternally = "Policy:IAMUser/S3BucketSharedExternally"
        case policyIamuserS3Bucketsharedwithcloudfront = "Policy:IAMUser/S3BucketSharedWithCloudFront"
        case sensitiveDataS3ObjectCredentials = "SensitiveData:S3Object/Credentials"
        case sensitiveDataS3ObjectCustomidentifier = "SensitiveData:S3Object/CustomIdentifier"
        case sensitiveDataS3ObjectFinancial = "SensitiveData:S3Object/Financial"
        case sensitiveDataS3ObjectMultiple = "SensitiveData:S3Object/Multiple"
        case sensitiveDataS3ObjectPersonal = "SensitiveData:S3Object/Personal"
        public var description: String { return self.rawValue }
    }

    public enum FindingsFilterAction: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case archive = "ARCHIVE"
        case noop = "NOOP"
        public var description: String { return self.rawValue }
    }

    public enum GroupBy: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case classificationDetailsJobid = "classificationDetails.jobId"
        case resourcesAffectedS3BucketName = "resourcesAffected.s3Bucket.name"
        case severityDescription = "severity.description"
        case type = "type"
        public var description: String { return self.rawValue }
    }

    public enum IsDefinedInJob: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case `false` = "FALSE"
        case `true` = "TRUE"
        case unknown = "UNKNOWN"
        public var description: String { return self.rawValue }
    }

    public enum IsMonitoredByJob: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case `false` = "FALSE"
        case `true` = "TRUE"
        case unknown = "UNKNOWN"
        public var description: String { return self.rawValue }
    }

    public enum JobComparator: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case contains = "CONTAINS"
        case eq = "EQ"
        case gt = "GT"
        case gte = "GTE"
        case lt = "LT"
        case lte = "LTE"
        case ne = "NE"
        case startsWith = "STARTS_WITH"
        public var description: String { return self.rawValue }
    }

    public enum JobStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case cancelled = "CANCELLED"
        case complete = "COMPLETE"
        case idle = "IDLE"
        case paused = "PAUSED"
        case running = "RUNNING"
        case userPaused = "USER_PAUSED"
        public var description: String { return self.rawValue }
    }

    public enum JobType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case oneTime = "ONE_TIME"
        case scheduled = "SCHEDULED"
        public var description: String { return self.rawValue }
    }

    public enum LastRunErrorStatusCode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case error = "ERROR"
        case none = "NONE"
        public var description: String { return self.rawValue }
    }

    public enum ListJobsFilterKey: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case createdAt = "createdAt"
        case jobStatus = "jobStatus"
        case jobType = "jobType"
        case name = "name"
        public var description: String { return self.rawValue }
    }

    public enum ListJobsSortAttributeName: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case createdAt = "createdAt"
        case jobStatus = "jobStatus"
        case jobType = "jobType"
        case name = "name"
        public var description: String { return self.rawValue }
    }

    public enum MacieStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case enabled = "ENABLED"
        case paused = "PAUSED"
        public var description: String { return self.rawValue }
    }

    public enum ManagedDataIdentifierSelector: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case all = "ALL"
        case exclude = "EXCLUDE"
        case include = "INCLUDE"
        case none = "NONE"
        case recommended = "RECOMMENDED"
        public var description: String { return self.rawValue }
    }

    public enum OrderBy: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case asc = "ASC"
        case desc = "DESC"
        public var description: String { return self.rawValue }
    }

    public enum OriginType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case automatedSensitiveDataDiscovery = "AUTOMATED_SENSITIVE_DATA_DISCOVERY"
        case sensitiveDataDiscoveryJob = "SENSITIVE_DATA_DISCOVERY_JOB"
        public var description: String { return self.rawValue }
    }

    public enum RelationshipStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accountSuspended = "AccountSuspended"
        case created = "Created"
        case emailVerificationFailed = "EmailVerificationFailed"
        case emailVerificationInProgress = "EmailVerificationInProgress"
        case enabled = "Enabled"
        case invited = "Invited"
        case paused = "Paused"
        case regionDisabled = "RegionDisabled"
        case removed = "Removed"
        case resigned = "Resigned"
        public var description: String { return self.rawValue }
    }

    public enum RetrievalMode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case assumeRole = "ASSUME_ROLE"
        case callerCredentials = "CALLER_CREDENTIALS"
        public var description: String { return self.rawValue }
    }

    public enum RevealRequestStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case error = "ERROR"
        case processing = "PROCESSING"
        case success = "SUCCESS"
        public var description: String { return self.rawValue }
    }

    public enum RevealStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case disabled = "DISABLED"
        case enabled = "ENABLED"
        public var description: String { return self.rawValue }
    }

    public enum ScopeFilterKey: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case objectExtension = "OBJECT_EXTENSION"
        case objectKey = "OBJECT_KEY"
        case objectLastModifiedDate = "OBJECT_LAST_MODIFIED_DATE"
        case objectSize = "OBJECT_SIZE"
        public var description: String { return self.rawValue }
    }

    public enum SearchResourcesComparator: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case eq = "EQ"
        case ne = "NE"
        public var description: String { return self.rawValue }
    }

    public enum SearchResourcesSimpleCriterionKey: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accountId = "ACCOUNT_ID"
        case automatedDiscoveryMonitoringStatus = "AUTOMATED_DISCOVERY_MONITORING_STATUS"
        case s3BucketEffectivePermission = "S3_BUCKET_EFFECTIVE_PERMISSION"
        case s3BucketName = "S3_BUCKET_NAME"
        case s3BucketSharedAccess = "S3_BUCKET_SHARED_ACCESS"
        public var description: String { return self.rawValue }
    }

    public enum SearchResourcesSortAttributeName: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accountId = "ACCOUNT_ID"
        case resourceName = "RESOURCE_NAME"
        case s3ClassifiableObjectCount = "S3_CLASSIFIABLE_OBJECT_COUNT"
        case s3ClassifiableSizeInBytes = "S3_CLASSIFIABLE_SIZE_IN_BYTES"
        public var description: String { return self.rawValue }
    }

    public enum SensitiveDataItemCategory: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case credentials = "CREDENTIALS"
        case customIdentifier = "CUSTOM_IDENTIFIER"
        case financialInformation = "FINANCIAL_INFORMATION"
        case personalInformation = "PERSONAL_INFORMATION"
        public var description: String { return self.rawValue }
    }

    public enum SeverityDescription: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case high = "High"
        case low = "Low"
        case medium = "Medium"
        public var description: String { return self.rawValue }
    }

    public enum SharedAccess: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case `internal` = "INTERNAL"
        case external = "EXTERNAL"
        case notShared = "NOT_SHARED"
        case unknown = "UNKNOWN"
        public var description: String { return self.rawValue }
    }

    public enum SimpleCriterionKeyForJob: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accountId = "ACCOUNT_ID"
        case s3BucketEffectivePermission = "S3_BUCKET_EFFECTIVE_PERMISSION"
        case s3BucketName = "S3_BUCKET_NAME"
        case s3BucketSharedAccess = "S3_BUCKET_SHARED_ACCESS"
        public var description: String { return self.rawValue }
    }

    public enum StorageClass: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case deepArchive = "DEEP_ARCHIVE"
        case glacier = "GLACIER"
        case glacierIr = "GLACIER_IR"
        case intelligentTiering = "INTELLIGENT_TIERING"
        case onezoneIa = "ONEZONE_IA"
        case outposts = "OUTPOSTS"
        case reducedRedundancy = "REDUCED_REDUNDANCY"
        case standard = "STANDARD"
        case standardIa = "STANDARD_IA"
        public var description: String { return self.rawValue }
    }

    public enum TagTarget: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case s3Object = "S3_OBJECT"
        public var description: String { return self.rawValue }
    }

    public enum TimeRange: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case monthToDate = "MONTH_TO_DATE"
        case past30Days = "PAST_30_DAYS"
        public var description: String { return self.rawValue }
    }

    public enum UnavailabilityReasonCode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accountNotInOrganization = "ACCOUNT_NOT_IN_ORGANIZATION"
        case invalidClassificationResult = "INVALID_CLASSIFICATION_RESULT"
        case invalidResultSignature = "INVALID_RESULT_SIGNATURE"
        case memberRoleTooPermissive = "MEMBER_ROLE_TOO_PERMISSIVE"
        case missingGetMemberPermission = "MISSING_GET_MEMBER_PERMISSION"
        case objectExceedsSizeQuota = "OBJECT_EXCEEDS_SIZE_QUOTA"
        case objectUnavailable = "OBJECT_UNAVAILABLE"
        case resultNotSigned = "RESULT_NOT_SIGNED"
        case roleTooPermissive = "ROLE_TOO_PERMISSIVE"
        case unsupportedFindingType = "UNSUPPORTED_FINDING_TYPE"
        case unsupportedObjectType = "UNSUPPORTED_OBJECT_TYPE"
        public var description: String { return self.rawValue }
    }

    public enum Unit: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case terabytes = "TERABYTES"
        public var description: String { return self.rawValue }
    }

    public enum UsageStatisticsFilterComparator: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case contains = "CONTAINS"
        case eq = "EQ"
        case gt = "GT"
        case gte = "GTE"
        case lt = "LT"
        case lte = "LTE"
        case ne = "NE"
        public var description: String { return self.rawValue }
    }

    public enum UsageStatisticsFilterKey: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accountId = "accountId"
        case freeTrialStartDate = "freeTrialStartDate"
        case serviceLimit = "serviceLimit"
        case total = "total"
        public var description: String { return self.rawValue }
    }

    public enum UsageStatisticsSortKey: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accountId = "accountId"
        case freeTrialStartDate = "freeTrialStartDate"
        case serviceLimitValue = "serviceLimitValue"
        case total = "total"
        public var description: String { return self.rawValue }
    }

    public enum UsageType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case automatedObjectMonitoring = "AUTOMATED_OBJECT_MONITORING"
        case automatedSensitiveDataDiscovery = "AUTOMATED_SENSITIVE_DATA_DISCOVERY"
        case dataInventoryEvaluation = "DATA_INVENTORY_EVALUATION"
        case sensitiveDataDiscovery = "SENSITIVE_DATA_DISCOVERY"
        public var description: String { return self.rawValue }
    }

    public enum UserIdentityType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case assumedRole = "AssumedRole"
        case awsAccount = "AWSAccount"
        case awsService = "AWSService"
        case federatedUser = "FederatedUser"
        case iamUser = "IAMUser"
        case root = "Root"
        public var description: String { return self.rawValue }
    }

    public enum `Type`: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case aes256 = "AES256"
        case awsKms = "aws:kms"
        case awsKmsDsse = "aws:kms:dsse"
        case none = "NONE"
        public var description: String { return self.rawValue }
    }

    // MARK: Shapes

    public struct AcceptInvitationRequest: AWSEncodableShape {
        /// The Amazon Web Services account ID for the account that sent the invitation.
        public let administratorAccountId: String?
        /// The unique identifier for the invitation to accept.
        public let invitationId: String?
        /// (Deprecated) The Amazon Web Services account ID for the account that sent the invitation. This property has been replaced by the administratorAccountId property and is retained only for backward compatibility.
        public let masterAccount: String?

        @inlinable
        public init(administratorAccountId: String? = nil, invitationId: String? = nil, masterAccount: String? = nil) {
            self.administratorAccountId = administratorAccountId
            self.invitationId = invitationId
            self.masterAccount = masterAccount
        }

        private enum CodingKeys: String, CodingKey {
            case administratorAccountId = "administratorAccountId"
            case invitationId = "invitationId"
            case masterAccount = "masterAccount"
        }
    }

    public struct AcceptInvitationResponse: AWSDecodableShape {
        public init() {}
    }

    public struct AccessControlList: AWSDecodableShape {
        /// Specifies whether the ACL grants the general public with read access permissions for the bucket.
        public let allowsPublicReadAccess: Bool?
        /// Specifies whether the ACL grants the general public with write access permissions for the bucket.
        public let allowsPublicWriteAccess: Bool?

        @inlinable
        public init(allowsPublicReadAccess: Bool? = nil, allowsPublicWriteAccess: Bool? = nil) {
            self.allowsPublicReadAccess = allowsPublicReadAccess
            self.allowsPublicWriteAccess = allowsPublicWriteAccess
        }

        private enum CodingKeys: String, CodingKey {
            case allowsPublicReadAccess = "allowsPublicReadAccess"
            case allowsPublicWriteAccess = "allowsPublicWriteAccess"
        }
    }

    public struct AccountDetail: AWSEncodableShape {
        /// The Amazon Web Services account ID for the account.
        public let accountId: String?
        /// The email address for the account.
        public let email: String?

        @inlinable
        public init(accountId: String? = nil, email: String? = nil) {
            self.accountId = accountId
            self.email = email
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case email = "email"
        }
    }

    public struct AccountLevelPermissions: AWSDecodableShape {
        /// The block public access settings for the Amazon Web Services account that owns the bucket.
        public let blockPublicAccess: BlockPublicAccess?

        @inlinable
        public init(blockPublicAccess: BlockPublicAccess? = nil) {
            self.blockPublicAccess = blockPublicAccess
        }

        private enum CodingKeys: String, CodingKey {
            case blockPublicAccess = "blockPublicAccess"
        }
    }

    public struct AdminAccount: AWSDecodableShape {
        /// The Amazon Web Services account ID for the account.
        public let accountId: String?
        /// The current status of the account as the delegated Amazon Macie administrator account for the organization.
        public let status: AdminStatus?

        @inlinable
        public init(accountId: String? = nil, status: AdminStatus? = nil) {
            self.accountId = accountId
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case status = "status"
        }
    }

    public struct AllowListCriteria: AWSEncodableShape & AWSDecodableShape {
        /// The regular expression (regex) that defines the text pattern to ignore. The expression can contain as many as 512 characters.
        public let regex: String?
        /// The location and name of the S3 object that lists specific text to ignore.
        public let s3WordsList: S3WordsList?

        @inlinable
        public init(regex: String? = nil, s3WordsList: S3WordsList? = nil) {
            self.regex = regex
            self.s3WordsList = s3WordsList
        }

        public func validate(name: String) throws {
            try self.validate(self.regex, name: "regex", parent: name, max: 512)
            try self.validate(self.regex, name: "regex", parent: name, min: 1)
            try self.validate(self.regex, name: "regex", parent: name, pattern: "^[\\s\\S]+$")
            try self.s3WordsList?.validate(name: "\(name).s3WordsList")
        }

        private enum CodingKeys: String, CodingKey {
            case regex = "regex"
            case s3WordsList = "s3WordsList"
        }
    }

    public struct AllowListStatus: AWSDecodableShape {
        /// The current status of the allow list. If the list's criteria specify a regular expression (regex), this value is typically OK. Amazon Macie can compile the expression. If the list's criteria specify an S3 object, possible values are: OK - Macie can retrieve and parse the contents of the object. S3_OBJECT_ACCESS_DENIED - Macie isn't allowed to access the object or the object is encrypted with a customer managed KMS key that Macie isn't allowed to use. Check the bucket policy and other permissions settings for the bucket and the object. If the object is encrypted, also ensure that it's encrypted with a key that Macie is allowed to use. S3_OBJECT_EMPTY - Macie can retrieve the object but the object doesn't contain any content. Ensure that the object contains the correct entries. Also ensure that the list's criteria specify the correct bucket and object names. S3_OBJECT_NOT_FOUND - The object doesn't exist in Amazon S3. Ensure that the list's criteria specify the correct bucket and object names. S3_OBJECT_OVERSIZE - Macie can retrieve the object. However, the object contains too many entries or its storage size exceeds the quota for an allow list. Try breaking the list into multiple files and ensure that each file doesn't exceed any quotas. Then configure list settings in Macie for each file. S3_THROTTLED - Amazon S3 throttled the request to retrieve the object. Wait a few minutes and then try again. S3_USER_ACCESS_DENIED - Amazon S3 denied the request to retrieve the object. If the specified object exists, you're not allowed to access it or it's encrypted with an KMS key that you're not allowed to use. Work with your Amazon Web Services administrator to ensure that the list's criteria specify the correct bucket and object names, and you have read access to the bucket and the object. If the object is encrypted, also ensure that it's encrypted with a key that you're allowed to use. UNKNOWN_ERROR - A transient or internal error occurred when Macie attempted to retrieve or parse the object. Wait a few minutes and then try again. A list can also have this status if it's encrypted with a key that Amazon S3 and Macie can't access or use.
        public let code: AllowListStatusCode?
        /// A brief description of the status of the allow list. Amazon Macie uses this value to provide additional information about an error that occurred when Macie tried to access and use the list's criteria.
        public let description: String?

        @inlinable
        public init(code: AllowListStatusCode? = nil, description: String? = nil) {
            self.code = code
            self.description = description
        }

        private enum CodingKeys: String, CodingKey {
            case code = "code"
            case description = "description"
        }
    }

    public struct AllowListSummary: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the allow list.
        public let arn: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the allow list was created in Amazon Macie.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var createdAt: Date?
        /// The custom description of the allow list.
        public let description: String?
        /// The unique identifier for the allow list.
        public let id: String?
        /// The custom name of the allow list.
        public let name: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the allow list's settings were most recently changed in Amazon Macie.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var updatedAt: Date?

        @inlinable
        public init(arn: String? = nil, createdAt: Date? = nil, description: String? = nil, id: String? = nil, name: String? = nil, updatedAt: Date? = nil) {
            self.arn = arn
            self.createdAt = createdAt
            self.description = description
            self.id = id
            self.name = name
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case createdAt = "createdAt"
            case description = "description"
            case id = "id"
            case name = "name"
            case updatedAt = "updatedAt"
        }
    }

    public struct ApiCallDetails: AWSDecodableShape {
        /// The name of the operation that was invoked most recently and produced the finding.
        public let api: String?
        /// The URL of the Amazon Web Services service that provides the operation, for example: s3.amazonaws.com.
        public let apiServiceName: String?
        /// The first date and time, in UTC and extended ISO 8601 format, when any operation was invoked and produced the finding.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var firstSeen: Date?
        /// The most recent date and time, in UTC and extended ISO 8601 format, when the specified operation (api) was invoked and produced the finding.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var lastSeen: Date?

        @inlinable
        public init(api: String? = nil, apiServiceName: String? = nil, firstSeen: Date? = nil, lastSeen: Date? = nil) {
            self.api = api
            self.apiServiceName = apiServiceName
            self.firstSeen = firstSeen
            self.lastSeen = lastSeen
        }

        private enum CodingKeys: String, CodingKey {
            case api = "api"
            case apiServiceName = "apiServiceName"
            case firstSeen = "firstSeen"
            case lastSeen = "lastSeen"
        }
    }

    public struct AssumedRole: AWSDecodableShape {
        /// The Amazon Web Services access key ID that identifies the credentials.
        public let accessKeyId: String?
        /// The unique identifier for the Amazon Web Services account that owns the entity that was used to get the credentials.
        public let accountId: String?
        /// The Amazon Resource Name (ARN) of the entity that was used to get the credentials.
        public let arn: String?
        /// The unique identifier for the entity that was used to get the credentials.
        public let principalId: String?
        /// The details of the session that was created for the credentials, including the entity that issued the session.
        public let sessionContext: SessionContext?

        @inlinable
        public init(accessKeyId: String? = nil, accountId: String? = nil, arn: String? = nil, principalId: String? = nil, sessionContext: SessionContext? = nil) {
            self.accessKeyId = accessKeyId
            self.accountId = accountId
            self.arn = arn
            self.principalId = principalId
            self.sessionContext = sessionContext
        }

        private enum CodingKeys: String, CodingKey {
            case accessKeyId = "accessKeyId"
            case accountId = "accountId"
            case arn = "arn"
            case principalId = "principalId"
            case sessionContext = "sessionContext"
        }
    }

    public struct AutomatedDiscoveryAccount: AWSDecodableShape {
        /// The Amazon Web Services account ID for the account.
        public let accountId: String?
        /// The current status of automated sensitive data discovery for the account. Possible values are: ENABLED, perform automated sensitive data discovery activities for the account; and, DISABLED, don't perform automated sensitive data discovery activities for the account.
        public let status: AutomatedDiscoveryAccountStatus?

        @inlinable
        public init(accountId: String? = nil, status: AutomatedDiscoveryAccountStatus? = nil) {
            self.accountId = accountId
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case status = "status"
        }
    }

    public struct AutomatedDiscoveryAccountUpdate: AWSEncodableShape {
        /// The Amazon Web Services account ID for the account.
        public let accountId: String?
        /// The new status of automated sensitive data discovery for the account. Valid values are: ENABLED, perform automated sensitive data discovery activities for the account; and, DISABLED, don't perform automated sensitive data discovery activities for the account.
        public let status: AutomatedDiscoveryAccountStatus?

        @inlinable
        public init(accountId: String? = nil, status: AutomatedDiscoveryAccountStatus? = nil) {
            self.accountId = accountId
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case status = "status"
        }
    }

    public struct AutomatedDiscoveryAccountUpdateError: AWSDecodableShape {
        /// The Amazon Web Services account ID for the account that the request applied to.
        public let accountId: String?
        /// The error code for the error that caused the request to fail for the account (accountId). Possible values are: ACCOUNT_NOT_FOUND, the account doesn’t exist or you're not the Amazon Macie administrator for the account; and, ACCOUNT_PAUSED, Macie isn’t enabled for the account in the current Amazon Web Services Region.
        public let errorCode: AutomatedDiscoveryAccountUpdateErrorCode?

        @inlinable
        public init(accountId: String? = nil, errorCode: AutomatedDiscoveryAccountUpdateErrorCode? = nil) {
            self.accountId = accountId
            self.errorCode = errorCode
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case errorCode = "errorCode"
        }
    }

    public struct AwsAccount: AWSDecodableShape {
        /// The unique identifier for the Amazon Web Services account.
        public let accountId: String?
        /// The unique identifier for the entity that performed the action.
        public let principalId: String?

        @inlinable
        public init(accountId: String? = nil, principalId: String? = nil) {
            self.accountId = accountId
            self.principalId = principalId
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case principalId = "principalId"
        }
    }

    public struct AwsService: AWSDecodableShape {
        /// The name of the Amazon Web Service that performed the action.
        public let invokedBy: String?

        @inlinable
        public init(invokedBy: String? = nil) {
            self.invokedBy = invokedBy
        }

        private enum CodingKeys: String, CodingKey {
            case invokedBy = "invokedBy"
        }
    }

    public struct BatchGetCustomDataIdentifierSummary: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the custom data identifier.
        public let arn: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var createdAt: Date?
        /// Specifies whether the custom data identifier was deleted. If you delete a custom data identifier, Amazon Macie doesn't delete it permanently. Instead, it soft deletes the identifier.
        public let deleted: Bool?
        /// The custom description of the custom data identifier.
        public let description: String?
        /// The unique identifier for the custom data identifier.
        public let id: String?
        /// The custom name of the custom data identifier.
        public let name: String?

        @inlinable
        public init(arn: String? = nil, createdAt: Date? = nil, deleted: Bool? = nil, description: String? = nil, id: String? = nil, name: String? = nil) {
            self.arn = arn
            self.createdAt = createdAt
            self.deleted = deleted
            self.description = description
            self.id = id
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case createdAt = "createdAt"
            case deleted = "deleted"
            case description = "description"
            case id = "id"
            case name = "name"
        }
    }

    public struct BatchGetCustomDataIdentifiersRequest: AWSEncodableShape {
        /// An array of custom data identifier IDs, one for each custom data identifier to retrieve information about.
        public let ids: [String]?

        @inlinable
        public init(ids: [String]? = nil) {
            self.ids = ids
        }

        private enum CodingKeys: String, CodingKey {
            case ids = "ids"
        }
    }

    public struct BatchGetCustomDataIdentifiersResponse: AWSDecodableShape {
        /// An array of objects, one for each custom data identifier that matches the criteria specified in the request.
        public let customDataIdentifiers: [BatchGetCustomDataIdentifierSummary]?
        /// An array of custom data identifier IDs, one for each custom data identifier that was specified in the request but doesn't correlate to an existing custom data identifier.
        public let notFoundIdentifierIds: [String]?

        @inlinable
        public init(customDataIdentifiers: [BatchGetCustomDataIdentifierSummary]? = nil, notFoundIdentifierIds: [String]? = nil) {
            self.customDataIdentifiers = customDataIdentifiers
            self.notFoundIdentifierIds = notFoundIdentifierIds
        }

        private enum CodingKeys: String, CodingKey {
            case customDataIdentifiers = "customDataIdentifiers"
            case notFoundIdentifierIds = "notFoundIdentifierIds"
        }
    }

    public struct BatchUpdateAutomatedDiscoveryAccountsRequest: AWSEncodableShape {
        /// An array of objects, one for each account to change the status of automated sensitive data discovery for. Each object specifies the Amazon Web Services account ID for an account and a new status for that account.
        public let accounts: [AutomatedDiscoveryAccountUpdate]?

        @inlinable
        public init(accounts: [AutomatedDiscoveryAccountUpdate]? = nil) {
            self.accounts = accounts
        }

        private enum CodingKeys: String, CodingKey {
            case accounts = "accounts"
        }
    }

    public struct BatchUpdateAutomatedDiscoveryAccountsResponse: AWSDecodableShape {
        /// An array of objects, one for each account whose status wasn’t changed. Each object identifies the account and explains why the status of automated sensitive data discovery wasn’t changed for the account. This value is null if the request succeeded for all specified accounts.
        public let errors: [AutomatedDiscoveryAccountUpdateError]?

        @inlinable
        public init(errors: [AutomatedDiscoveryAccountUpdateError]? = nil) {
            self.errors = errors
        }

        private enum CodingKeys: String, CodingKey {
            case errors = "errors"
        }
    }

    public struct BlockPublicAccess: AWSDecodableShape {
        /// Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.
        public let blockPublicAcls: Bool?
        /// Specifies whether Amazon S3 blocks public bucket policies for the bucket.
        public let blockPublicPolicy: Bool?
        /// Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.
        public let ignorePublicAcls: Bool?
        /// Specifies whether Amazon S3 restricts public bucket policies for the bucket.
        public let restrictPublicBuckets: Bool?

        @inlinable
        public init(blockPublicAcls: Bool? = nil, blockPublicPolicy: Bool? = nil, ignorePublicAcls: Bool? = nil, restrictPublicBuckets: Bool? = nil) {
            self.blockPublicAcls = blockPublicAcls
            self.blockPublicPolicy = blockPublicPolicy
            self.ignorePublicAcls = ignorePublicAcls
            self.restrictPublicBuckets = restrictPublicBuckets
        }

        private enum CodingKeys: String, CodingKey {
            case blockPublicAcls = "blockPublicAcls"
            case blockPublicPolicy = "blockPublicPolicy"
            case ignorePublicAcls = "ignorePublicAcls"
            case restrictPublicBuckets = "restrictPublicBuckets"
        }
    }

    public struct BucketCountByEffectivePermission: AWSDecodableShape {
        /// The total number of buckets that allow the general public to have read or write access to the bucket.
        public let publiclyAccessible: Int64?
        /// The total number of buckets that allow the general public to have read access to the bucket.
        public let publiclyReadable: Int64?
        /// The total number of buckets that allow the general public to have write access to the bucket.
        public let publiclyWritable: Int64?
        /// The total number of buckets that Amazon Macie wasn't able to evaluate permissions settings for. For example, the buckets' policies or a quota prevented Macie from retrieving the requisite data. Macie can't determine whether the buckets are publicly accessible.
        public let unknown: Int64?

        @inlinable
        public init(publiclyAccessible: Int64? = nil, publiclyReadable: Int64? = nil, publiclyWritable: Int64? = nil, unknown: Int64? = nil) {
            self.publiclyAccessible = publiclyAccessible
            self.publiclyReadable = publiclyReadable
            self.publiclyWritable = publiclyWritable
            self.unknown = unknown
        }

        private enum CodingKeys: String, CodingKey {
            case publiclyAccessible = "publiclyAccessible"
            case publiclyReadable = "publiclyReadable"
            case publiclyWritable = "publiclyWritable"
            case unknown = "unknown"
        }
    }

    public struct BucketCountByEncryptionType: AWSDecodableShape {
        /// The total number of buckets whose default encryption settings are configured to encrypt new objects with an KMS key, either an Amazon Web Services managed key or a customer managed key. By default, these buckets encrypt new objects automatically using DSSE-KMS or SSE-KMS encryption.
        public let kmsManaged: Int64?
        /// The total number of buckets whose default encryption settings are configured to encrypt new objects with an Amazon S3 managed key. By default, these buckets encrypt new objects automatically using SSE-S3 encryption.
        public let s3Managed: Int64?
        /// The total number of buckets that don't specify default server-side encryption behavior for new objects. Default encryption settings aren't configured for these buckets.
        public let unencrypted: Int64?
        /// The total number of buckets that Amazon Macie doesn't have current encryption metadata for. For example, the buckets' permissions settings or a quota prevented Macie from retrieving the default encryption settings for the buckets.
        public let unknown: Int64?

        @inlinable
        public init(kmsManaged: Int64? = nil, s3Managed: Int64? = nil, unencrypted: Int64? = nil, unknown: Int64? = nil) {
            self.kmsManaged = kmsManaged
            self.s3Managed = s3Managed
            self.unencrypted = unencrypted
            self.unknown = unknown
        }

        private enum CodingKeys: String, CodingKey {
            case kmsManaged = "kmsManaged"
            case s3Managed = "s3Managed"
            case unencrypted = "unencrypted"
            case unknown = "unknown"
        }
    }

    public struct BucketCountBySharedAccessType: AWSDecodableShape {
        /// The total number of buckets that are shared with one or more of the following or any combination of the following: an Amazon CloudFront OAI, a CloudFront OAC, or an Amazon Web Services account that isn't in the same Amazon Macie organization.
        public let external: Int64?
        /// The total number of buckets that are shared with one or more Amazon Web Services accounts in the same Amazon Macie organization. These buckets aren't shared with Amazon CloudFront OAIs or OACs.
        public let `internal`: Int64?
        /// The total number of buckets that aren't shared with other Amazon Web Services accounts, Amazon CloudFront OAIs, or CloudFront OACs.
        public let notShared: Int64?
        /// The total number of buckets that Amazon Macie wasn't able to evaluate shared access settings for. For example, the buckets' permissions settings or a quota prevented Macie from retrieving the requisite data. Macie can't determine whether the buckets are shared with other Amazon Web Services accounts, Amazon CloudFront OAIs, or CloudFront OACs.
        public let unknown: Int64?

        @inlinable
        public init(external: Int64? = nil, internal: Int64? = nil, notShared: Int64? = nil, unknown: Int64? = nil) {
            self.external = external
            self.`internal` = `internal`
            self.notShared = notShared
            self.unknown = unknown
        }

        private enum CodingKeys: String, CodingKey {
            case external = "external"
            case `internal` = "internal"
            case notShared = "notShared"
            case unknown = "unknown"
        }
    }

    public struct BucketCountPolicyAllowsUnencryptedObjectUploads: AWSDecodableShape {
        /// The total number of buckets that don't have a bucket policy or have a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, the policy doesn't require PutObject requests to include a valid server-side encryption header: the x-amz-server-side-encryption header with a value of AES256 or aws:kms, or the x-amz-server-side-encryption-customer-algorithm header with a value of AES256.
        public let allowsUnencryptedObjectUploads: Int64?
        /// The total number of buckets whose bucket policies require server-side encryption of new objects. PutObject requests for these buckets must include a valid server-side encryption header: the x-amz-server-side-encryption header with a value of AES256 or aws:kms, or the x-amz-server-side-encryption-customer-algorithm header with a value of AES256.
        public let deniesUnencryptedObjectUploads: Int64?
        /// The total number of buckets that Amazon Macie wasn't able to evaluate server-side encryption requirements for. For example, the buckets' permissions settings or a quota prevented Macie from retrieving the requisite data. Macie can't determine whether bucket policies for the buckets require server-side encryption of new objects.
        public let unknown: Int64?

        @inlinable
        public init(allowsUnencryptedObjectUploads: Int64? = nil, deniesUnencryptedObjectUploads: Int64? = nil, unknown: Int64? = nil) {
            self.allowsUnencryptedObjectUploads = allowsUnencryptedObjectUploads
            self.deniesUnencryptedObjectUploads = deniesUnencryptedObjectUploads
            self.unknown = unknown
        }

        private enum CodingKeys: String, CodingKey {
            case allowsUnencryptedObjectUploads = "allowsUnencryptedObjectUploads"
            case deniesUnencryptedObjectUploads = "deniesUnencryptedObjectUploads"
            case unknown = "unknown"
        }
    }

    public struct BucketCriteriaAdditionalProperties: AWSEncodableShape {
        /// The value for the property matches (equals) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values.
        public let eq: [String]?
        /// The value for the property is greater than the specified value.
        public let gt: Int64?
        /// The value for the property is greater than or equal to the specified value.
        public let gte: Int64?
        /// The value for the property is less than the specified value.
        public let lt: Int64?
        /// The value for the property is less than or equal to the specified value.
        public let lte: Int64?
        /// The value for the property doesn't match (doesn't equal) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values.
        public let neq: [String]?
        /// The name of the bucket begins with the specified value.
        public let prefix: String?

        @inlinable
        public init(eq: [String]? = nil, gt: Int64? = nil, gte: Int64? = nil, lt: Int64? = nil, lte: Int64? = nil, neq: [String]? = nil, prefix: String? = nil) {
            self.eq = eq
            self.gt = gt
            self.gte = gte
            self.lt = lt
            self.lte = lte
            self.neq = neq
            self.prefix = prefix
        }

        private enum CodingKeys: String, CodingKey {
            case eq = "eq"
            case gt = "gt"
            case gte = "gte"
            case lt = "lt"
            case lte = "lte"
            case neq = "neq"
            case prefix = "prefix"
        }
    }

    public struct BucketLevelPermissions: AWSDecodableShape {
        /// The permissions settings of the access control list (ACL) for the bucket. This value is null if an ACL hasn't been defined for the bucket.
        public let accessControlList: AccessControlList?
        /// The block public access settings for the bucket.
        public let blockPublicAccess: BlockPublicAccess?
        /// The permissions settings of the bucket policy for the bucket. This value is null if a bucket policy hasn't been defined for the bucket.
        public let bucketPolicy: BucketPolicy?

        @inlinable
        public init(accessControlList: AccessControlList? = nil, blockPublicAccess: BlockPublicAccess? = nil, bucketPolicy: BucketPolicy? = nil) {
            self.accessControlList = accessControlList
            self.blockPublicAccess = blockPublicAccess
            self.bucketPolicy = bucketPolicy
        }

        private enum CodingKeys: String, CodingKey {
            case accessControlList = "accessControlList"
            case blockPublicAccess = "blockPublicAccess"
            case bucketPolicy = "bucketPolicy"
        }
    }

    public struct BucketMetadata: AWSDecodableShape {
        /// The unique identifier for the Amazon Web Services account that owns the bucket.
        public let accountId: String?
        /// Specifies whether the bucket policy for the bucket requires server-side encryption of objects when objects are added to the bucket. Possible values are: FALSE - The bucket policy requires server-side encryption of new objects. PutObject requests must include a valid server-side encryption header. TRUE - The bucket doesn't have a bucket policy or it has a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, it doesn't require PutObject requests to include a valid server-side encryption header. UNKNOWN - Amazon Macie can't determine whether the bucket policy requires server-side encryption of new objects. Valid server-side encryption headers are: x-amz-server-side-encryption with a value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm with a value of AES256.
        public let allowsUnencryptedObjectUploads: AllowsUnencryptedObjectUploads?
        /// Specifies whether automated sensitive data discovery is currently configured to analyze objects in the bucket. Possible values are: MONITORED, the bucket is included in analyses; and, NOT_MONITORED, the bucket is excluded from analyses. If automated sensitive data discovery is disabled for your account, this value is NOT_MONITORED.
        public let automatedDiscoveryMonitoringStatus: AutomatedDiscoveryMonitoringStatus?
        /// The Amazon Resource Name (ARN) of the bucket.
        public let bucketArn: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the bucket was created. This value can also indicate when changes such as edits to the bucket's policy were most recently made to the bucket.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var bucketCreatedAt: Date?
        /// The name of the bucket.
        public let bucketName: String?
        /// The total number of objects that Amazon Macie can analyze in the bucket. These objects use a supported storage class and have a file name extension for a supported file or storage format.
        public let classifiableObjectCount: Int64?
        /// The total storage size, in bytes, of the objects that Amazon Macie can analyze in the bucket. These objects use a supported storage class and have a file name extension for a supported file or storage format. If versioning is enabled for the bucket, Macie calculates this value based on the size of the latest version of each applicable object in the bucket. This value doesn't reflect the storage size of all versions of each applicable object in the bucket.
        public let classifiableSizeInBytes: Int64?
        /// The code for an error or issue that prevented Amazon Macie from retrieving and processing information about the bucket and the bucket's objects. Possible values are: ACCESS_DENIED - Macie doesn't have permission to retrieve the information. For example, the bucket has a restrictive bucket policy and Amazon S3 denied the request. BUCKET_COUNT_EXCEEDS_QUOTA - Retrieving and processing the information would exceed the quota for the number of buckets that Macie monitors for an account (10,000). If this value is null, Macie was able to retrieve and process the information.
        public let errorCode: BucketMetadataErrorCode?
        /// A brief description of the error or issue (errorCode) that prevented Amazon Macie from retrieving and processing information about the bucket and the bucket's objects. This value is null if Macie was able to retrieve and process the information.
        public let errorMessage: String?
        /// Specifies whether any one-time or recurring classification jobs are configured to analyze objects in the bucket, and, if so, the details of the job that ran most recently.
        public let jobDetails: JobDetails?
        /// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed objects in the bucket while performing automated sensitive data discovery. This value is null if this analysis hasn't occurred.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var lastAutomatedDiscoveryTime: Date?
        /// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved bucket or object metadata from Amazon S3 for the bucket.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var lastUpdated: Date?
        /// The total number of objects in the bucket.
        public let objectCount: Int64?
        /// The total number of objects in the bucket, grouped by server-side encryption type. This includes a grouping that reports the total number of objects that aren't encrypted or use client-side encryption.
        public let objectCountByEncryptionType: ObjectCountByEncryptionType?
        /// Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket, and provides information about those settings.
        public let publicAccess: BucketPublicAccess?
        /// The Amazon Web Services Region that hosts the bucket.
        public let region: String?
        /// Specifies whether the bucket is configured to replicate one or more objects to buckets for other Amazon Web Services accounts and, if so, which accounts.
        public let replicationDetails: ReplicationDetails?
        /// The sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive).If automated sensitive data discovery has never been enabled for your account or it's been disabled for your organization or standalone account for more than 30 days, possible values are: 1, the bucket is empty; or, 50, the bucket stores objects but it's been excluded from recent analyses.
        public let sensitivityScore: Int?
        /// The default server-side encryption settings for the bucket.
        public let serverSideEncryption: BucketServerSideEncryption?
        /// Specifies whether the bucket is shared with another Amazon Web Services account, an Amazon CloudFront origin access identity (OAI), or a CloudFront origin access control (OAC). Possible values are: EXTERNAL - The bucket is shared with one or more of the following or any combination of the following: a CloudFront OAI, a CloudFront OAC, or an Amazon Web Services account that isn't part of your Amazon Macie organization. INTERNAL - The bucket is shared with one or more Amazon Web Services accounts that are part of your Amazon Macie organization. It isn't shared with a CloudFront OAI or OAC. NOT_SHARED - The bucket isn't shared with another Amazon Web Services account, a CloudFront OAI, or a CloudFront OAC. UNKNOWN - Amazon Macie wasn't able to evaluate the shared access settings for the bucket. An Amazon Macie organization is a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.
        public let sharedAccess: SharedAccess?
        /// The total storage size, in bytes, of the bucket. If versioning is enabled for the bucket, Amazon Macie calculates this value based on the size of the latest version of each object in the bucket. This value doesn't reflect the storage size of all versions of each object in the bucket.
        public let sizeInBytes: Int64?
        /// The total storage size, in bytes, of the objects that are compressed (.gz, .gzip, .zip) files in the bucket. If versioning is enabled for the bucket, Amazon Macie calculates this value based on the size of the latest version of each applicable object in the bucket. This value doesn't reflect the storage size of all versions of each applicable object in the bucket.
        public let sizeInBytesCompressed: Int64?
        /// An array that specifies the tags (keys and values) that are associated with the bucket.
        public let tags: [KeyValuePair]?
        /// The total number of objects that Amazon Macie can't analyze in the bucket. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
        public let unclassifiableObjectCount: ObjectLevelStatistics?
        /// The total storage size, in bytes, of the objects that Amazon Macie can't analyze in the bucket. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
        public let unclassifiableObjectSizeInBytes: ObjectLevelStatistics?
        /// Specifies whether versioning is enabled for the bucket.
        public let versioning: Bool?

        @inlinable
        public init(accountId: String? = nil, allowsUnencryptedObjectUploads: AllowsUnencryptedObjectUploads? = nil, automatedDiscoveryMonitoringStatus: AutomatedDiscoveryMonitoringStatus? = nil, bucketArn: String? = nil, bucketCreatedAt: Date? = nil, bucketName: String? = nil, classifiableObjectCount: Int64? = nil, classifiableSizeInBytes: Int64? = nil, errorCode: BucketMetadataErrorCode? = nil, errorMessage: String? = nil, jobDetails: JobDetails? = nil, lastAutomatedDiscoveryTime: Date? = nil, lastUpdated: Date? = nil, objectCount: Int64? = nil, objectCountByEncryptionType: ObjectCountByEncryptionType? = nil, publicAccess: BucketPublicAccess? = nil, region: String? = nil, replicationDetails: ReplicationDetails? = nil, sensitivityScore: Int? = nil, serverSideEncryption: BucketServerSideEncryption? = nil, sharedAccess: SharedAccess? = nil, sizeInBytes: Int64? = nil, sizeInBytesCompressed: Int64? = nil, tags: [KeyValuePair]? = nil, unclassifiableObjectCount: ObjectLevelStatistics? = nil, unclassifiableObjectSizeInBytes: ObjectLevelStatistics? = nil, versioning: Bool? = nil) {
            self.accountId = accountId
            self.allowsUnencryptedObjectUploads = allowsUnencryptedObjectUploads
            self.automatedDiscoveryMonitoringStatus = automatedDiscoveryMonitoringStatus
            self.bucketArn = bucketArn
            self.bucketCreatedAt = bucketCreatedAt
            self.bucketName = bucketName
            self.classifiableObjectCount = classifiableObjectCount
            self.classifiableSizeInBytes = classifiableSizeInBytes
            self.errorCode = errorCode
            self.errorMessage = errorMessage
            self.jobDetails = jobDetails
            self.lastAutomatedDiscoveryTime = lastAutomatedDiscoveryTime
            self.lastUpdated = lastUpdated
            self.objectCount = objectCount
            self.objectCountByEncryptionType = objectCountByEncryptionType
            self.publicAccess = publicAccess
            self.region = region
            self.replicationDetails = replicationDetails
            self.sensitivityScore = sensitivityScore
            self.serverSideEncryption = serverSideEncryption
            self.sharedAccess = sharedAccess
            self.sizeInBytes = sizeInBytes
            self.sizeInBytesCompressed = sizeInBytesCompressed
            self.tags = tags
            self.unclassifiableObjectCount = unclassifiableObjectCount
            self.unclassifiableObjectSizeInBytes = unclassifiableObjectSizeInBytes
            self.versioning = versioning
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case allowsUnencryptedObjectUploads = "allowsUnencryptedObjectUploads"
            case automatedDiscoveryMonitoringStatus = "automatedDiscoveryMonitoringStatus"
            case bucketArn = "bucketArn"
            case bucketCreatedAt = "bucketCreatedAt"
            case bucketName = "bucketName"
            case classifiableObjectCount = "classifiableObjectCount"
            case classifiableSizeInBytes = "classifiableSizeInBytes"
            case errorCode = "errorCode"
            case errorMessage = "errorMessage"
            case jobDetails = "jobDetails"
            case lastAutomatedDiscoveryTime = "lastAutomatedDiscoveryTime"
            case lastUpdated = "lastUpdated"
            case objectCount = "objectCount"
            case objectCountByEncryptionType = "objectCountByEncryptionType"
            case publicAccess = "publicAccess"
            case region = "region"
            case replicationDetails = "replicationDetails"
            case sensitivityScore = "sensitivityScore"
            case serverSideEncryption = "serverSideEncryption"
            case sharedAccess = "sharedAccess"
            case sizeInBytes = "sizeInBytes"
            case sizeInBytesCompressed = "sizeInBytesCompressed"
            case tags = "tags"
            case unclassifiableObjectCount = "unclassifiableObjectCount"
            case unclassifiableObjectSizeInBytes = "unclassifiableObjectSizeInBytes"
            case versioning = "versioning"
        }
    }

    public struct BucketPermissionConfiguration: AWSDecodableShape {
        /// The account-level permissions settings that apply to the bucket.
        public let accountLevelPermissions: AccountLevelPermissions?
        /// The bucket-level permissions settings for the bucket.
        public let bucketLevelPermissions: BucketLevelPermissions?

        @inlinable
        public init(accountLevelPermissions: AccountLevelPermissions? = nil, bucketLevelPermissions: BucketLevelPermissions? = nil) {
            self.accountLevelPermissions = accountLevelPermissions
            self.bucketLevelPermissions = bucketLevelPermissions
        }

        private enum CodingKeys: String, CodingKey {
            case accountLevelPermissions = "accountLevelPermissions"
            case bucketLevelPermissions = "bucketLevelPermissions"
        }
    }

    public struct BucketPolicy: AWSDecodableShape {
        /// Specifies whether the bucket policy allows the general public to have read access to the bucket.
        public let allowsPublicReadAccess: Bool?
        /// Specifies whether the bucket policy allows the general public to have write access to the bucket.
        public let allowsPublicWriteAccess: Bool?

        @inlinable
        public init(allowsPublicReadAccess: Bool? = nil, allowsPublicWriteAccess: Bool? = nil) {
            self.allowsPublicReadAccess = allowsPublicReadAccess
            self.allowsPublicWriteAccess = allowsPublicWriteAccess
        }

        private enum CodingKeys: String, CodingKey {
            case allowsPublicReadAccess = "allowsPublicReadAccess"
            case allowsPublicWriteAccess = "allowsPublicWriteAccess"
        }
    }

    public struct BucketPublicAccess: AWSDecodableShape {
        /// Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket. Possible values are: NOT_PUBLIC - The bucket isn't publicly accessible. PUBLIC - The bucket is publicly accessible. UNKNOWN - Amazon Macie can't determine whether the bucket is publicly accessible.
        public let effectivePermission: EffectivePermission?
        /// The account-level and bucket-level permissions settings for the bucket.
        public let permissionConfiguration: BucketPermissionConfiguration?

        @inlinable
        public init(effectivePermission: EffectivePermission? = nil, permissionConfiguration: BucketPermissionConfiguration? = nil) {
            self.effectivePermission = effectivePermission
            self.permissionConfiguration = permissionConfiguration
        }

        private enum CodingKeys: String, CodingKey {
            case effectivePermission = "effectivePermission"
            case permissionConfiguration = "permissionConfiguration"
        }
    }

    public struct BucketServerSideEncryption: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key that's used by default to encrypt objects that are added to the bucket. This value is null if the bucket is configured to use an Amazon S3 managed key to encrypt new objects.
        public let kmsMasterKeyId: String?
        /// The server-side encryption algorithm that's used by default to encrypt objects that are added to the bucket. Possible values are: AES256 - New objects use SSE-S3 encryption. They're encrypted with an Amazon S3 managed key. aws:kms - New objects use SSE-KMS encryption. They're encrypted with an KMS key (kmsMasterKeyId), either an Amazon Web Services managed key or a customer managed key. aws:kms:dsse - New objects use DSSE-KMS encryption. They're encrypted with an KMS key (kmsMasterKeyId), either an Amazon Web Services managed key or a customer managed key. NONE - The bucket's default encryption settings don't specify server-side encryption behavior for new objects.
        public let type: `Type`?

        @inlinable
        public init(kmsMasterKeyId: String? = nil, type: `Type`? = nil) {
            self.kmsMasterKeyId = kmsMasterKeyId
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case kmsMasterKeyId = "kmsMasterKeyId"
            case type = "type"
        }
    }

    public struct BucketSortCriteria: AWSEncodableShape {
        /// The name of the bucket property to sort the results by. This value can be one of the following properties that Amazon Macie defines as bucket metadata: accountId, bucketName, classifiableObjectCount, classifiableSizeInBytes, objectCount, sensitivityScore, or sizeInBytes.
        public let attributeName: String?
        /// The sort order to apply to the results, based on the value specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
        public let orderBy: OrderBy?

        @inlinable
        public init(attributeName: String? = nil, orderBy: OrderBy? = nil) {
            self.attributeName = attributeName
            self.orderBy = orderBy
        }

        private enum CodingKeys: String, CodingKey {
            case attributeName = "attributeName"
            case orderBy = "orderBy"
        }
    }

    public struct BucketStatisticsBySensitivity: AWSDecodableShape {
        /// The aggregated statistical data for all buckets that have a sensitivity score of -1.
        public let classificationError: SensitivityAggregations?
        /// The aggregated statistical data for all buckets that have a sensitivity score of 50.
        public let notClassified: SensitivityAggregations?
        /// The aggregated statistical data for all buckets that have a sensitivity score of 1-49.
        public let notSensitive: SensitivityAggregations?
        /// The aggregated statistical data for all buckets that have a sensitivity score of 51-100.
        public let sensitive: SensitivityAggregations?

        @inlinable
        public init(classificationError: SensitivityAggregations? = nil, notClassified: SensitivityAggregations? = nil, notSensitive: SensitivityAggregations? = nil, sensitive: SensitivityAggregations? = nil) {
            self.classificationError = classificationError
            self.notClassified = notClassified
            self.notSensitive = notSensitive
            self.sensitive = sensitive
        }

        private enum CodingKeys: String, CodingKey {
            case classificationError = "classificationError"
            case notClassified = "notClassified"
            case notSensitive = "notSensitive"
            case sensitive = "sensitive"
        }
    }

    public struct Cell: AWSDecodableShape {
        /// The location of the cell, as an absolute cell reference, that contains the sensitive data, for example Sheet2!C5 for cell C5 on Sheet2 in a Microsoft Excel workbook. This value is null for CSV and TSV files.
        public let cellReference: String?
        /// The column number of the column that contains the sensitive data. For a Microsoft Excel workbook, this value correlates to the alphabetical character(s) for a column identifier, for example: 1 for column A, 2 for column B, and so on.
        public let column: Int64?
        /// The name of the column that contains the sensitive data, if available.
        public let columnName: String?
        /// The row number of the row that contains the sensitive data.
        public let row: Int64?

        @inlinable
        public init(cellReference: String? = nil, column: Int64? = nil, columnName: String? = nil, row: Int64? = nil) {
            self.cellReference = cellReference
            self.column = column
            self.columnName = columnName
            self.row = row
        }

        private enum CodingKeys: String, CodingKey {
            case cellReference = "cellReference"
            case column = "column"
            case columnName = "columnName"
            case row = "row"
        }
    }

    public struct ClassificationDetails: AWSDecodableShape {
        /// The path to the folder or file in Amazon S3 that contains the corresponding sensitive data discovery result for the finding. If a finding applies to a large archive or compressed file, this value is the path to a folder. Otherwise, this value is the path to a file.
        public let detailedResultsLocation: String?
        /// The Amazon Resource Name (ARN) of the classification job that produced the finding. This value is null if the origin of the finding (originType) is AUTOMATED_SENSITIVE_DATA_DISCOVERY.
        public let jobArn: String?
        /// The unique identifier for the classification job that produced the finding. This value is null if the origin of the finding (originType) is AUTOMATED_SENSITIVE_DATA_DISCOVERY.
        public let jobId: String?
        /// Specifies how Amazon Macie found the sensitive data that produced the finding. Possible values are: SENSITIVE_DATA_DISCOVERY_JOB, for a classification job; and, AUTOMATED_SENSITIVE_DATA_DISCOVERY, for automated sensitive data discovery.
        public let originType: OriginType?
        /// The status and other details of the finding.
        public let result: ClassificationResult?

        @inlinable
        public init(detailedResultsLocation: String? = nil, jobArn: String? = nil, jobId: String? = nil, originType: OriginType? = nil, result: ClassificationResult? = nil) {
            self.detailedResultsLocation = detailedResultsLocation
            self.jobArn = jobArn
            self.jobId = jobId
            self.originType = originType
            self.result = result
        }

        private enum CodingKeys: String, CodingKey {
            case detailedResultsLocation = "detailedResultsLocation"
            case jobArn = "jobArn"
            case jobId = "jobId"
            case originType = "originType"
            case result = "result"
        }
    }

    public struct ClassificationExportConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// The S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.
        public let s3Destination: S3Destination?

        @inlinable
        public init(s3Destination: S3Destination? = nil) {
            self.s3Destination = s3Destination
        }

        private enum CodingKeys: String, CodingKey {
            case s3Destination = "s3Destination"
        }
    }

    public struct ClassificationResult: AWSDecodableShape {
        /// Specifies whether Amazon Macie detected additional occurrences of sensitive data in the S3 object. A finding includes location data for a maximum of 15 occurrences of sensitive data. This value can help you determine whether to investigate additional occurrences of sensitive data in an object. You can do this by referring to the corresponding sensitive data discovery result for the finding (classificationDetails.detailedResultsLocation).
        public let additionalOccurrences: Bool?
        /// The custom data identifiers that detected the sensitive data and the number of occurrences of the data that they detected.
        public let customDataIdentifiers: CustomDataIdentifiers?
        /// The type of content, as a MIME type, that the finding applies to. For example, application/gzip, for a GNU Gzip compressed archive file, or application/pdf, for an Adobe Portable Document Format file.
        public let mimeType: String?
        /// The category, types, and number of occurrences of the sensitive data that produced the finding.
        public let sensitiveData: [SensitiveDataItem]?
        /// The total size, in bytes, of the data that the finding applies to.
        public let sizeClassified: Int64?
        /// The status of the finding.
        public let status: ClassificationResultStatus?

        @inlinable
        public init(additionalOccurrences: Bool? = nil, customDataIdentifiers: CustomDataIdentifiers? = nil, mimeType: String? = nil, sensitiveData: [SensitiveDataItem]? = nil, sizeClassified: Int64? = nil, status: ClassificationResultStatus? = nil) {
            self.additionalOccurrences = additionalOccurrences
            self.customDataIdentifiers = customDataIdentifiers
            self.mimeType = mimeType
            self.sensitiveData = sensitiveData
            self.sizeClassified = sizeClassified
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case additionalOccurrences = "additionalOccurrences"
            case customDataIdentifiers = "customDataIdentifiers"
            case mimeType = "mimeType"
            case sensitiveData = "sensitiveData"
            case sizeClassified = "sizeClassified"
            case status = "status"
        }
    }

    public struct ClassificationResultStatus: AWSDecodableShape {
        /// The status of the finding. Possible values are: COMPLETE - Amazon Macie successfully completed its analysis of the S3 object that the finding applies to. PARTIAL - Macie analyzed only a subset of the data in the S3 object that the finding applies to. For example, the object is an archive file that contains files in an unsupported format. SKIPPED - Macie wasn't able to analyze the S3 object that the finding applies to. For example, the object is a file that uses an unsupported format.
        public let code: String?
        /// A brief description of the status of the finding. This value is null if the status (code) of the finding is COMPLETE. Amazon Macie uses this value to notify you of any errors, warnings, or considerations that might impact your analysis of the finding and the affected S3 object. Possible values are: ARCHIVE_CONTAINS_UNPROCESSED_FILES - The object is an archive file and Macie extracted and analyzed only some or none of the files in the archive. To determine which files Macie analyzed, if any, refer to the corresponding sensitive data discovery result for the finding (classificationDetails.detailedResultsLocation). ARCHIVE_EXCEEDS_SIZE_LIMIT - The object is an archive file whose total storage size exceeds the size quota for this type of archive. ARCHIVE_NESTING_LEVEL_OVER_LIMIT - The object is an archive file whose nested depth exceeds the quota for the maximum number of nested levels that Macie analyzes for this type of archive. ARCHIVE_TOTAL_BYTES_EXTRACTED_OVER_LIMIT - The object is an archive file that exceeds the quota for the maximum amount of data that Macie extracts and analyzes for this type of archive. ARCHIVE_TOTAL_DOCUMENTS_PROCESSED_OVER_LIMIT - The object is an archive file that contains more than the maximum number of files that Macie extracts and analyzes for this type of archive. FILE_EXCEEDS_SIZE_LIMIT - The storage size of the object exceeds the size quota for this type of file. INVALID_ENCRYPTION - The object is encrypted using server-side encryption but Macie isn't allowed to use the key. Macie can't decrypt and analyze the object. INVALID_KMS_KEY - The object is encrypted with an KMS key that was disabled or is being deleted. Macie can't decrypt and analyze the object. INVALID_OBJECT_STATE - The object doesn't use a supported Amazon S3 storage class. JSON_NESTING_LEVEL_OVER_LIMIT - The object contains JSON data and the nested depth of the data exceeds the quota for the number of nested levels that Macie analyzes for this type of file. MALFORMED_FILE - The object is a malformed or corrupted file. An error occurred when Macie attempted to detect the file's type or extract data from the file. MALFORMED_OR_FILE_SIZE_EXCEEDS_LIMIT - The object is a Microsoft Office file that is malformed or exceeds the size quota for this type of file. If the file is malformed, an error occurred when Macie attempted to extract data from the file. NO_SUCH_BUCKET_AVAILABLE - The object was in a bucket that was deleted shortly before or when Macie attempted to analyze the object. OBJECT_VERSION_MISMATCH - The object was changed while Macie was analyzing it. OOXML_UNCOMPRESSED_RATIO_EXCEEDS_LIMIT - The object is an Office Open XML file whose compression ratio exceeds the compression quota for this type of file. OOXML_UNCOMPRESSED_SIZE_EXCEEDS_LIMIT - The object is an Office Open XML file that exceeds the size quota for this type of file. PERMISSION_DENIED - Macie isn't allowed to access the object. The object's permissions settings prevent Macie from analyzing the object. SOURCE_OBJECT_NO_LONGER_AVAILABLE - The object was deleted shortly before or when Macie attempted to analyze it. TIME_CUT_OFF_REACHED - Macie started analyzing the object but additional analysis would exceed the time quota for analyzing an object. UNABLE_TO_PARSE_FILE - The object is a file that contains structured data and an error occurred when Macie attempted to parse the data. UNSUPPORTED_FILE_TYPE_EXCEPTION - The object is a file that uses an unsupported file or storage format. For information about quotas, supported storage classes, and supported file and storage formats, see Quotas and Supported storage classes and formats in the Amazon Macie User Guide.
        public let reason: String?

        @inlinable
        public init(code: String? = nil, reason: String? = nil) {
            self.code = code
            self.reason = reason
        }

        private enum CodingKeys: String, CodingKey {
            case code = "code"
            case reason = "reason"
        }
    }

    public struct ClassificationScopeSummary: AWSDecodableShape {
        /// The unique identifier for the classification scope.
        public let id: String?
        /// The name of the classification scope: automated-sensitive-data-discovery.
        public let name: String?

        @inlinable
        public init(id: String? = nil, name: String? = nil) {
            self.id = id
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case id = "id"
            case name = "name"
        }
    }

    public struct CreateAllowListRequest: AWSEncodableShape {
        /// A unique, case-sensitive token that you provide to ensure the idempotency of the request.
        public let clientToken: String?
        /// The criteria that specify the text or text pattern to ignore. The criteria can be the location and name of an S3 object that lists specific text to ignore (s3WordsList), or a regular expression (regex) that defines a text pattern to ignore.
        public let criteria: AllowListCriteria?
        /// A custom description of the allow list. The description can contain as many as 512 characters.
        public let description: String?
        /// A custom name for the allow list. The name can contain as many as 128 characters.
        public let name: String?
        /// A map of key-value pairs that specifies the tags to associate with the allow list. An allow list can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
        public let tags: [String: String]?

        @inlinable
        public init(clientToken: String? = nil, criteria: AllowListCriteria? = nil, description: String? = nil, name: String? = nil, tags: [String: String]? = nil) {
            self.clientToken = clientToken
            self.criteria = criteria
            self.description = description
            self.name = name
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.criteria?.validate(name: "\(name).criteria")
            try self.validate(self.description, name: "description", parent: name, max: 512)
            try self.validate(self.description, name: "description", parent: name, min: 1)
            try self.validate(self.description, name: "description", parent: name, pattern: "^[\\s\\S]+$")
            try self.validate(self.name, name: "name", parent: name, max: 128)
            try self.validate(self.name, name: "name", parent: name, min: 1)
            try self.validate(self.name, name: "name", parent: name, pattern: "^.+$")
        }

        private enum CodingKeys: String, CodingKey {
            case clientToken = "clientToken"
            case criteria = "criteria"
            case description = "description"
            case name = "name"
            case tags = "tags"
        }
    }

    public struct CreateAllowListResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the allow list.
        public let arn: String?
        /// The unique identifier for the allow list.
        public let id: String?

        @inlinable
        public init(arn: String? = nil, id: String? = nil) {
            self.arn = arn
            self.id = id
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case id = "id"
        }
    }

    public struct CreateClassificationJobRequest: AWSEncodableShape {
        /// An array of unique identifiers, one for each allow list for the job to use when it analyzes data.
        public let allowListIds: [String]?
        /// A unique, case-sensitive token that you provide to ensure the idempotency of the request.
        public let clientToken: String?
        /// An array of unique identifiers, one for each custom data identifier for the job to use when it analyzes data. To use only managed data identifiers, don't specify a value for this property and specify a value other than NONE for the managedDataIdentifierSelector property.
        public let customDataIdentifierIds: [String]?
        /// A custom description of the job. The description can contain as many as 200 characters.
        public let description: String?
        /// For a recurring job, specifies whether to analyze all existing, eligible objects immediately after the job is created (true). To analyze only those objects that are created or changed after you create the job and before the job's first scheduled run, set this value to false. If you configure the job to run only once, don't specify a value for this property.
        public let initialRun: Bool?
        /// The schedule for running the job. Valid values are: ONE_TIME - Run the job only once. If you specify this value, don't specify a value for the scheduleFrequency property. SCHEDULED - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the scheduleFrequency property to specify the recurrence pattern for the job.
        public let jobType: JobType?
        /// An array of unique identifiers, one for each managed data identifier for the job to include (use) or exclude (not use) when it analyzes data. Inclusion or exclusion depends on the managed data identifier selection type that you specify for the job (managedDataIdentifierSelector). To retrieve a list of valid values for this property, use the ListManagedDataIdentifiers operation.
        public let managedDataIdentifierIds: [String]?
        /// The selection type to apply when determining which managed data identifiers the job uses to analyze data. Valid values are: ALL - Use all managed data identifiers. If you specify this value, don't specify any values for the managedDataIdentifierIds property. EXCLUDE - Use all managed data identifiers except the ones specified by the managedDataIdentifierIds property. INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property. NONE - Don't use any managed data identifiers. If you specify this value, specify at least one value for the customDataIdentifierIds property and don't specify any values for the managedDataIdentifierIds property. RECOMMENDED (default) - Use the recommended set of managed data identifiers. If you specify this value, don't specify any values for the managedDataIdentifierIds property. If you don't specify a value for this property, the job uses the recommended set of managed data identifiers. If the job is a recurring job and you specify ALL or EXCLUDE, each job run automatically uses new managed data identifiers that are released. If you don't specify a value for this property or you specify RECOMMENDED for a recurring job, each job run automatically uses all the managed data identifiers that are in the recommended set when the run starts. To learn about individual managed data identifiers or determine which ones are in the recommended set, see Using managed data identifiers or Recommended managed data identifiers in the Amazon Macie User Guide.
        public let managedDataIdentifierSelector: ManagedDataIdentifierSelector?
        /// A custom name for the job. The name can contain as many as 500 characters.
        public let name: String?
        /// The S3 buckets that contain the objects to analyze, and the scope of that analysis.
        public let s3JobDefinition: S3JobDefinition?
        /// The sampling depth, as a percentage, for the job to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects the objects to analyze at random, up to the specified percentage, and analyzes all the data in those objects.
        public let samplingPercentage: Int?
        /// The recurrence pattern for running the job. To run the job only once, don't specify a value for this property and set the value for the jobType property to ONE_TIME.
        public let scheduleFrequency: JobScheduleFrequency?
        /// A map of key-value pairs that specifies the tags to associate with the job. A job can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
        public let tags: [String: String]?

        @inlinable
        public init(allowListIds: [String]? = nil, clientToken: String? = nil, customDataIdentifierIds: [String]? = nil, description: String? = nil, initialRun: Bool? = nil, jobType: JobType? = nil, managedDataIdentifierIds: [String]? = nil, managedDataIdentifierSelector: ManagedDataIdentifierSelector? = nil, name: String? = nil, s3JobDefinition: S3JobDefinition? = nil, samplingPercentage: Int? = nil, scheduleFrequency: JobScheduleFrequency? = nil, tags: [String: String]? = nil) {
            self.allowListIds = allowListIds
            self.clientToken = clientToken
            self.customDataIdentifierIds = customDataIdentifierIds
            self.description = description
            self.initialRun = initialRun
            self.jobType = jobType
            self.managedDataIdentifierIds = managedDataIdentifierIds
            self.managedDataIdentifierSelector = managedDataIdentifierSelector
            self.name = name
            self.s3JobDefinition = s3JobDefinition
            self.samplingPercentage = samplingPercentage
            self.scheduleFrequency = scheduleFrequency
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case allowListIds = "allowListIds"
            case clientToken = "clientToken"
            case customDataIdentifierIds = "customDataIdentifierIds"
            case description = "description"
            case initialRun = "initialRun"
            case jobType = "jobType"
            case managedDataIdentifierIds = "managedDataIdentifierIds"
            case managedDataIdentifierSelector = "managedDataIdentifierSelector"
            case name = "name"
            case s3JobDefinition = "s3JobDefinition"
            case samplingPercentage = "samplingPercentage"
            case scheduleFrequency = "scheduleFrequency"
            case tags = "tags"
        }
    }

    public struct CreateClassificationJobResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the job.
        public let jobArn: String?
        /// The unique identifier for the job.
        public let jobId: String?

        @inlinable
        public init(jobArn: String? = nil, jobId: String? = nil) {
            self.jobArn = jobArn
            self.jobId = jobId
        }

        private enum CodingKeys: String, CodingKey {
            case jobArn = "jobArn"
            case jobId = "jobId"
        }
    }

    public struct CreateCustomDataIdentifierRequest: AWSEncodableShape {
        /// A unique, case-sensitive token that you provide to ensure the idempotency of the request.
        public let clientToken: String?
        /// A custom description of the custom data identifier. The description can contain as many as 512 characters. We strongly recommend that you avoid including any sensitive data in the description of a custom data identifier. Other users of your account might be able to see this description, depending on the actions that they're allowed to perform in Amazon Macie.
        public let description: String?
        /// An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression contains any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4-90 UTF-8 characters. Ignore words are case sensitive.
        public let ignoreWords: [String]?
        /// An array that lists specific character sequences (keywords), one of which must precede and be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 3-90 UTF-8 characters. Keywords aren't case sensitive.
        public let keywords: [String]?
        /// The maximum number of characters that can exist between the end of at least one complete character sequence specified by the keywords array and the end of the text that matches the regex pattern. If a complete keyword precedes all the text that matches the pattern and the keyword is within the specified distance, Amazon Macie includes the result. The distance can be 1-300 characters. The default value is 50.
        public let maximumMatchDistance: Int?
        /// A custom name for the custom data identifier. The name can contain as many as 128 characters. We strongly recommend that you avoid including any sensitive data in the name of a custom data identifier. Other users of your account might be able to see this name, depending on the actions that they're allowed to perform in Amazon Macie.
        public let name: String?
        /// The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.
        public let regex: String?
        /// The severity to assign to findings that the custom data identifier produces, based on the number of occurrences of text that match the custom data identifier's detection criteria. You can specify as many as three SeverityLevel objects in this array, one for each severity: LOW, MEDIUM, or HIGH. If you specify more than one, the occurrences thresholds must be in ascending order by severity, moving from LOW to HIGH. For example, 1 for LOW, 50 for MEDIUM, and 100 for HIGH. If an S3 object contains fewer occurrences than the lowest specified threshold, Amazon Macie doesn't create a finding. If you don't specify any values for this array, Macie creates findings for S3 objects that contain at least one occurrence of text that matches the detection criteria, and Macie assigns the MEDIUM severity to those findings.
        public let severityLevels: [SeverityLevel]?
        /// A map of key-value pairs that specifies the tags to associate with the custom data identifier. A custom data identifier can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
        public let tags: [String: String]?

        @inlinable
        public init(clientToken: String? = CreateCustomDataIdentifierRequest.idempotencyToken(), description: String? = nil, ignoreWords: [String]? = nil, keywords: [String]? = nil, maximumMatchDistance: Int? = nil, name: String? = nil, regex: String? = nil, severityLevels: [SeverityLevel]? = nil, tags: [String: String]? = nil) {
            self.clientToken = clientToken
            self.description = description
            self.ignoreWords = ignoreWords
            self.keywords = keywords
            self.maximumMatchDistance = maximumMatchDistance
            self.name = name
            self.regex = regex
            self.severityLevels = severityLevels
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case clientToken = "clientToken"
            case description = "description"
            case ignoreWords = "ignoreWords"
            case keywords = "keywords"
            case maximumMatchDistance = "maximumMatchDistance"
            case name = "name"
            case regex = "regex"
            case severityLevels = "severityLevels"
            case tags = "tags"
        }
    }

    public struct CreateCustomDataIdentifierResponse: AWSDecodableShape {
        /// The unique identifier for the custom data identifier that was created.
        public let customDataIdentifierId: String?

        @inlinable
        public init(customDataIdentifierId: String? = nil) {
            self.customDataIdentifierId = customDataIdentifierId
        }

        private enum CodingKeys: String, CodingKey {
            case customDataIdentifierId = "customDataIdentifierId"
        }
    }

    public struct CreateFindingsFilterRequest: AWSEncodableShape {
        /// The action to perform on findings that match the filter criteria (findingCriteria). Valid values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.
        public let action: FindingsFilterAction?
        /// A unique, case-sensitive token that you provide to ensure the idempotency of the request.
        public let clientToken: String?
        /// A custom description of the filter. The description can contain as many as 512 characters. We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users of your account might be able to see this description, depending on the actions that they're allowed to perform in Amazon Macie.
        public let description: String?
        /// The criteria to use to filter findings.
        public let findingCriteria: FindingCriteria?
        /// A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters. We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users of your account might be able to see this name, depending on the actions that they're allowed to perform in Amazon Macie.
        public let name: String?
        /// The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.
        public let position: Int?
        /// A map of key-value pairs that specifies the tags to associate with the filter. A findings filter can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
        public let tags: [String: String]?

        @inlinable
        public init(action: FindingsFilterAction? = nil, clientToken: String? = CreateFindingsFilterRequest.idempotencyToken(), description: String? = nil, findingCriteria: FindingCriteria? = nil, name: String? = nil, position: Int? = nil, tags: [String: String]? = nil) {
            self.action = action
            self.clientToken = clientToken
            self.description = description
            self.findingCriteria = findingCriteria
            self.name = name
            self.position = position
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case action = "action"
            case clientToken = "clientToken"
            case description = "description"
            case findingCriteria = "findingCriteria"
            case name = "name"
            case position = "position"
            case tags = "tags"
        }
    }

    public struct CreateFindingsFilterResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the filter that was created.
        public let arn: String?
        /// The unique identifier for the filter that was created.
        public let id: String?

        @inlinable
        public init(arn: String? = nil, id: String? = nil) {
            self.arn = arn
            self.id = id
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case id = "id"
        }
    }

    public struct CreateInvitationsRequest: AWSEncodableShape {
        /// An array that lists Amazon Web Services account IDs, one for each account to send the invitation to.
        public let accountIds: [String]?
        /// Specifies whether to send the invitation as an email message. If this value is false, Amazon Macie sends the invitation (as an email message) to the email address that you specified for the recipient's account when you associated the account with your account. The default value is false.
        public let disableEmailNotification: Bool?
        /// Custom text to include in the email message that contains the invitation. The text can contain as many as 80 alphanumeric characters.
        public let message: String?

        @inlinable
        public init(accountIds: [String]? = nil, disableEmailNotification: Bool? = nil, message: String? = nil) {
            self.accountIds = accountIds
            self.disableEmailNotification = disableEmailNotification
            self.message = message
        }

        private enum CodingKeys: String, CodingKey {
            case accountIds = "accountIds"
            case disableEmailNotification = "disableEmailNotification"
            case message = "message"
        }
    }

    public struct CreateInvitationsResponse: AWSDecodableShape {
        /// An array of objects, one for each account whose invitation hasn't been processed. Each object identifies the account and explains why the invitation hasn't been processed for the account.
        public let unprocessedAccounts: [UnprocessedAccount]?

        @inlinable
        public init(unprocessedAccounts: [UnprocessedAccount]? = nil) {
            self.unprocessedAccounts = unprocessedAccounts
        }

        private enum CodingKeys: String, CodingKey {
            case unprocessedAccounts = "unprocessedAccounts"
        }
    }

    public struct CreateMemberRequest: AWSEncodableShape {
        /// The details of the account to associate with the administrator account.
        public let account: AccountDetail?
        /// A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie. An account can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
        public let tags: [String: String]?

        @inlinable
        public init(account: AccountDetail? = nil, tags: [String: String]? = nil) {
            self.account = account
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case account = "account"
            case tags = "tags"
        }
    }

    public struct CreateMemberResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the account that was associated with the administrator account.
        public let arn: String?

        @inlinable
        public init(arn: String? = nil) {
            self.arn = arn
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
        }
    }

    public struct CreateSampleFindingsRequest: AWSEncodableShape {
        /// An array of finding types, one for each type of sample finding to create. To create a sample of every type of finding that Amazon Macie supports, don't include this array in your request.
        public let findingTypes: [FindingType]?

        @inlinable
        public init(findingTypes: [FindingType]? = nil) {
            self.findingTypes = findingTypes
        }

        private enum CodingKeys: String, CodingKey {
            case findingTypes = "findingTypes"
        }
    }

    public struct CreateSampleFindingsResponse: AWSDecodableShape {
        public init() {}
    }

    public struct CriteriaBlockForJob: AWSEncodableShape & AWSDecodableShape {
        /// An array of conditions, one for each condition that determines which buckets to include or exclude from the job. If you specify more than one condition, Amazon Macie uses AND logic to join the conditions.
        public let and: [CriteriaForJob]?

        @inlinable
        public init(and: [CriteriaForJob]? = nil) {
            self.and = and
        }

        private enum CodingKeys: String, CodingKey {
            case and = "and"
        }
    }

    public struct CriteriaForJob: AWSEncodableShape & AWSDecodableShape {
        /// A property-based condition that defines a property, operator, and one or more values for including or excluding buckets from the job.
        public let simpleCriterion: SimpleCriterionForJob?
        /// A tag-based condition that defines an operator and tag keys, tag values, or tag key and value pairs for including or excluding buckets from the job.
        public let tagCriterion: TagCriterionForJob?

        @inlinable
        public init(simpleCriterion: SimpleCriterionForJob? = nil, tagCriterion: TagCriterionForJob? = nil) {
            self.simpleCriterion = simpleCriterion
            self.tagCriterion = tagCriterion
        }

        private enum CodingKeys: String, CodingKey {
            case simpleCriterion = "simpleCriterion"
            case tagCriterion = "tagCriterion"
        }
    }

    public struct CriterionAdditionalProperties: AWSEncodableShape & AWSDecodableShape {
        /// The value for the property matches (equals) the specified value. If you specify multiple values, Macie uses OR logic to join the values.
        public let eq: [String]?
        /// The value for the property exclusively matches (equals an exact match for) all the specified values. If you specify multiple values, Amazon Macie uses AND logic to join the values. You can use this operator with the following properties: customDataIdentifiers.detections.arn, customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key, resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key, resourcesAffected.s3Object.tags.value, sensitiveData.category, and sensitiveData.detections.type.
        public let eqExactMatch: [String]?
        /// The value for the property is greater than the specified value.
        public let gt: Int64?
        /// The value for the property is greater than or equal to the specified value.
        public let gte: Int64?
        /// The value for the property is less than the specified value.
        public let lt: Int64?
        /// The value for the property is less than or equal to the specified value.
        public let lte: Int64?
        /// The value for the property doesn't match (doesn't equal) the specified value. If you specify multiple values, Macie uses OR logic to join the values.
        public let neq: [String]?

        @inlinable
        public init(eq: [String]? = nil, eqExactMatch: [String]? = nil, gt: Int64? = nil, gte: Int64? = nil, lt: Int64? = nil, lte: Int64? = nil, neq: [String]? = nil) {
            self.eq = eq
            self.eqExactMatch = eqExactMatch
            self.gt = gt
            self.gte = gte
            self.lt = lt
            self.lte = lte
            self.neq = neq
        }

        private enum CodingKeys: String, CodingKey {
            case eq = "eq"
            case eqExactMatch = "eqExactMatch"
            case gt = "gt"
            case gte = "gte"
            case lt = "lt"
            case lte = "lte"
            case neq = "neq"
        }
    }

    public struct CustomDataIdentifierSummary: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the custom data identifier.
        public let arn: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var createdAt: Date?
        /// The custom description of the custom data identifier.
        public let description: String?
        /// The unique identifier for the custom data identifier.
        public let id: String?
        /// The custom name of the custom data identifier.
        public let name: String?

        @inlinable
        public init(arn: String? = nil, createdAt: Date? = nil, description: String? = nil, id: String? = nil, name: String? = nil) {
            self.arn = arn
            self.createdAt = createdAt
            self.description = description
            self.id = id
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case createdAt = "createdAt"
            case description = "description"
            case id = "id"
            case name = "name"
        }
    }

    public struct CustomDataIdentifiers: AWSDecodableShape {
        /// The custom data identifiers that detected the data, and the number of occurrences of the data that each identifier detected.
        public let detections: [CustomDetection]?
        /// The total number of occurrences of the data that was detected by the custom data identifiers and produced the finding.
        public let totalCount: Int64?

        @inlinable
        public init(detections: [CustomDetection]? = nil, totalCount: Int64? = nil) {
            self.detections = detections
            self.totalCount = totalCount
        }

        private enum CodingKeys: String, CodingKey {
            case detections = "detections"
            case totalCount = "totalCount"
        }
    }

    public struct CustomDetection: AWSDecodableShape {
        /// The unique identifier for the custom data identifier.
        public let arn: String?
        /// The total number of occurrences of the sensitive data that the custom data identifier detected.
        public let count: Int64?
        /// The name of the custom data identifier.
        public let name: String?
        /// The location of 1-15 occurrences of the sensitive data that the custom data identifier detected. A finding includes location data for a maximum of 15 occurrences of sensitive data.
        public let occurrences: Occurrences?

        @inlinable
        public init(arn: String? = nil, count: Int64? = nil, name: String? = nil, occurrences: Occurrences? = nil) {
            self.arn = arn
            self.count = count
            self.name = name
            self.occurrences = occurrences
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case count = "count"
            case name = "name"
            case occurrences = "occurrences"
        }
    }

    public struct DailySchedule: AWSEncodableShape & AWSDecodableShape {
        public init() {}
    }

    public struct DeclineInvitationsRequest: AWSEncodableShape {
        /// An array that lists Amazon Web Services account IDs, one for each account that sent an invitation to decline.
        public let accountIds: [String]?

        @inlinable
        public init(accountIds: [String]? = nil) {
            self.accountIds = accountIds
        }

        private enum CodingKeys: String, CodingKey {
            case accountIds = "accountIds"
        }
    }

    public struct DeclineInvitationsResponse: AWSDecodableShape {
        /// An array of objects, one for each account whose invitation hasn't been declined. Each object identifies the account and explains why the request hasn't been processed for that account.
        public let unprocessedAccounts: [UnprocessedAccount]?

        @inlinable
        public init(unprocessedAccounts: [UnprocessedAccount]? = nil) {
            self.unprocessedAccounts = unprocessedAccounts
        }

        private enum CodingKeys: String, CodingKey {
            case unprocessedAccounts = "unprocessedAccounts"
        }
    }

    public struct DefaultDetection: AWSDecodableShape {
        /// The total number of occurrences of the type of sensitive data that was detected.
        public let count: Int64?
        /// The location of 1-15 occurrences of the sensitive data that was detected. A finding includes location data for a maximum of 15 occurrences of sensitive data.
        public let occurrences: Occurrences?
        /// The type of sensitive data that was detected. For example, AWS_CREDENTIALS, PHONE_NUMBER, or ADDRESS.
        public let type: String?

        @inlinable
        public init(count: Int64? = nil, occurrences: Occurrences? = nil, type: String? = nil) {
            self.count = count
            self.occurrences = occurrences
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case count = "count"
            case occurrences = "occurrences"
            case type = "type"
        }
    }

    public struct DeleteAllowListRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String
        /// Specifies whether to force deletion of the allow list, even if active classification jobs are configured to use the list. When you try to delete an allow list, Amazon Macie checks for classification jobs that use the list and have a status other than COMPLETE or CANCELLED. By default, Macie rejects your request if any jobs meet these criteria. To skip these checks and delete the list, set this value to true. To delete the list only if no active jobs are configured to use it, set this value to false.
        public let ignoreJobChecks: String?

        @inlinable
        public init(id: String, ignoreJobChecks: String? = nil) {
            self.id = id
            self.ignoreJobChecks = ignoreJobChecks
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
            request.encodeQuery(self.ignoreJobChecks, key: "ignoreJobChecks")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteAllowListResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteCustomDataIdentifierRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String

        @inlinable
        public init(id: String) {
            self.id = id
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteCustomDataIdentifierResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteFindingsFilterRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String

        @inlinable
        public init(id: String) {
            self.id = id
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteFindingsFilterResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteInvitationsRequest: AWSEncodableShape {
        /// An array that lists Amazon Web Services account IDs, one for each account that sent an invitation to delete.
        public let accountIds: [String]?

        @inlinable
        public init(accountIds: [String]? = nil) {
            self.accountIds = accountIds
        }

        private enum CodingKeys: String, CodingKey {
            case accountIds = "accountIds"
        }
    }

    public struct DeleteInvitationsResponse: AWSDecodableShape {
        /// An array of objects, one for each account whose invitation hasn't been deleted. Each object identifies the account and explains why the request hasn't been processed for that account.
        public let unprocessedAccounts: [UnprocessedAccount]?

        @inlinable
        public init(unprocessedAccounts: [UnprocessedAccount]? = nil) {
            self.unprocessedAccounts = unprocessedAccounts
        }

        private enum CodingKeys: String, CodingKey {
            case unprocessedAccounts = "unprocessedAccounts"
        }
    }

    public struct DeleteMemberRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String

        @inlinable
        public init(id: String) {
            self.id = id
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteMemberResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DescribeBucketsRequest: AWSEncodableShape {
        /// The criteria to use to filter the query results.
        public let criteria: [String: BucketCriteriaAdditionalProperties]?
        /// The maximum number of items to include in each page of the response. The default value is 50.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?
        /// The criteria to use to sort the query results.
        public let sortCriteria: BucketSortCriteria?

        @inlinable
        public init(criteria: [String: BucketCriteriaAdditionalProperties]? = nil, maxResults: Int? = nil, nextToken: String? = nil, sortCriteria: BucketSortCriteria? = nil) {
            self.criteria = criteria
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.sortCriteria = sortCriteria
        }

        private enum CodingKeys: String, CodingKey {
            case criteria = "criteria"
            case maxResults = "maxResults"
            case nextToken = "nextToken"
            case sortCriteria = "sortCriteria"
        }
    }

    public struct DescribeBucketsResponse: AWSDecodableShape {
        /// An array of objects, one for each bucket that matches the filter criteria specified in the request.
        public let buckets: [BucketMetadata]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(buckets: [BucketMetadata]? = nil, nextToken: String? = nil) {
            self.buckets = buckets
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case buckets = "buckets"
            case nextToken = "nextToken"
        }
    }

    public struct DescribeClassificationJobRequest: AWSEncodableShape {
        /// The unique identifier for the classification job.
        public let jobId: String

        @inlinable
        public init(jobId: String) {
            self.jobId = jobId
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.jobId, key: "jobId")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DescribeClassificationJobResponse: AWSDecodableShape {
        /// An array of unique identifiers, one for each allow list that the job is configured to use when it analyzes data.
        public let allowListIds: [String]?
        /// The token that was provided to ensure the idempotency of the request to create the job.
        public let clientToken: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the job was created.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var createdAt: Date?
        /// An array of unique identifiers, one for each custom data identifier that the job is configured to use when it analyzes data. This value is null if the job is configured to use only managed data identifiers to analyze data.
        public let customDataIdentifierIds: [String]?
        /// The custom description of the job.
        public let description: String?
        /// For a recurring job, specifies whether you configured the job to analyze all existing, eligible objects immediately after the job was created (true). If you configured the job to analyze only those objects that were created or changed after the job was created and before the job's first scheduled run, this value is false. This value is also false for a one-time job.
        public let initialRun: Bool?
        /// The Amazon Resource Name (ARN) of the job.
        public let jobArn: String?
        /// The unique identifier for the job.
        public let jobId: String?
        /// The current status of the job. Possible values are: CANCELLED - You cancelled the job or, if it's a one-time job, you paused the job and didn't resume it within 30 days. COMPLETE - For a one-time job, Amazon Macie finished processing the data specified for the job. This value doesn't apply to recurring jobs. IDLE - For a recurring job, the previous scheduled run is complete and the next scheduled run is pending. This value doesn't apply to one-time jobs. PAUSED - Macie started running the job but additional processing would exceed the monthly sensitive data discovery quota for your account or one or more member accounts that the job analyzes data for. RUNNING - For a one-time job, the job is in progress. For a recurring job, a scheduled run is in progress. USER_PAUSED - You paused the job. If you paused the job while it had a status of RUNNING and you don't resume it within 30 days of pausing it, the job or job run will expire and be cancelled, depending on the job's type. To check the expiration date, refer to the UserPausedDetails.jobExpiresAt property.
        public let jobStatus: JobStatus?
        /// The schedule for running the job. Possible values are: ONE_TIME - The job runs only once. SCHEDULED - The job runs on a daily, weekly, or monthly basis. The scheduleFrequency property indicates the recurrence pattern for the job.
        public let jobType: JobType?
        /// Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurring job, this value indicates the error status of the job's most recent run.
        public let lastRunErrorStatus: LastRunErrorStatus?
        /// The date and time, in UTC and extended ISO 8601 format, when the job started. If the job is a recurring job, this value indicates when the most recent run started or, if the job hasn't run yet, when the job was created.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var lastRunTime: Date?
        /// An array of unique identifiers, one for each managed data identifier that the job is explicitly configured to include (use) or exclude (not use) when it analyzes data. Inclusion or exclusion depends on the managed data identifier selection type specified for the job (managedDataIdentifierSelector).This value is null if the job's managed data identifier selection type is ALL, NONE, or RECOMMENDED.
        public let managedDataIdentifierIds: [String]?
        /// The selection type that determines which managed data identifiers the job uses when it analyzes data. Possible values are: ALL - Use all managed data identifiers. EXCLUDE - Use all managed data identifiers except the ones specified by the managedDataIdentifierIds property. INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property. NONE - Don't use any managed data identifiers. Use only custom data identifiers (customDataIdentifierIds). RECOMMENDED (default) - Use the recommended set of managed data identifiers. If this value is null, the job uses the recommended set of managed data identifiers. If the job is a recurring job and this value is ALL or EXCLUDE, each job run automatically uses new managed data identifiers that are released. If this value is null or RECOMMENDED for a recurring job, each job run uses all the managed data identifiers that are in the recommended set when the run starts. To learn about individual managed data identifiers or determine which ones are in the recommended set, see Using managed data identifiers or Recommended managed data identifiers in the Amazon Macie User Guide.
        public let managedDataIdentifierSelector: ManagedDataIdentifierSelector?
        /// The custom name of the job.
        public let name: String?
        /// The S3 buckets that contain the objects to analyze, and the scope of that analysis.
        public let s3JobDefinition: S3JobDefinition?
        /// The sampling depth, as a percentage, that determines the percentage of eligible objects that the job analyzes.
        public let samplingPercentage: Int?
        /// The recurrence pattern for running the job. This value is null if the job is configured to run only once.
        public let scheduleFrequency: JobScheduleFrequency?
        /// The number of times that the job has run and processing statistics for the job's current run.
        public let statistics: Statistics?
        /// A map of key-value pairs that specifies which tags (keys and values) are associated with the job.
        public let tags: [String: String]?
        /// If the current status of the job is USER_PAUSED, specifies when the job was paused and when the job or job run will expire and be cancelled if it isn't resumed. This value is present only if the value for jobStatus is USER_PAUSED.
        public let userPausedDetails: UserPausedDetails?

        @inlinable
        public init(allowListIds: [String]? = nil, clientToken: String? = DescribeClassificationJobResponse.idempotencyToken(), createdAt: Date? = nil, customDataIdentifierIds: [String]? = nil, description: String? = nil, initialRun: Bool? = nil, jobArn: String? = nil, jobId: String? = nil, jobStatus: JobStatus? = nil, jobType: JobType? = nil, lastRunErrorStatus: LastRunErrorStatus? = nil, lastRunTime: Date? = nil, managedDataIdentifierIds: [String]? = nil, managedDataIdentifierSelector: ManagedDataIdentifierSelector? = nil, name: String? = nil, s3JobDefinition: S3JobDefinition? = nil, samplingPercentage: Int? = nil, scheduleFrequency: JobScheduleFrequency? = nil, statistics: Statistics? = nil, tags: [String: String]? = nil, userPausedDetails: UserPausedDetails? = nil) {
            self.allowListIds = allowListIds
            self.clientToken = clientToken
            self.createdAt = createdAt
            self.customDataIdentifierIds = customDataIdentifierIds
            self.description = description
            self.initialRun = initialRun
            self.jobArn = jobArn
            self.jobId = jobId
            self.jobStatus = jobStatus
            self.jobType = jobType
            self.lastRunErrorStatus = lastRunErrorStatus
            self.lastRunTime = lastRunTime
            self.managedDataIdentifierIds = managedDataIdentifierIds
            self.managedDataIdentifierSelector = managedDataIdentifierSelector
            self.name = name
            self.s3JobDefinition = s3JobDefinition
            self.samplingPercentage = samplingPercentage
            self.scheduleFrequency = scheduleFrequency
            self.statistics = statistics
            self.tags = tags
            self.userPausedDetails = userPausedDetails
        }

        private enum CodingKeys: String, CodingKey {
            case allowListIds = "allowListIds"
            case clientToken = "clientToken"
            case createdAt = "createdAt"
            case customDataIdentifierIds = "customDataIdentifierIds"
            case description = "description"
            case initialRun = "initialRun"
            case jobArn = "jobArn"
            case jobId = "jobId"
            case jobStatus = "jobStatus"
            case jobType = "jobType"
            case lastRunErrorStatus = "lastRunErrorStatus"
            case lastRunTime = "lastRunTime"
            case managedDataIdentifierIds = "managedDataIdentifierIds"
            case managedDataIdentifierSelector = "managedDataIdentifierSelector"
            case name = "name"
            case s3JobDefinition = "s3JobDefinition"
            case samplingPercentage = "samplingPercentage"
            case scheduleFrequency = "scheduleFrequency"
            case statistics = "statistics"
            case tags = "tags"
            case userPausedDetails = "userPausedDetails"
        }
    }

    public struct DescribeOrganizationConfigurationRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DescribeOrganizationConfigurationResponse: AWSDecodableShape {
        /// Specifies whether Amazon Macie is enabled automatically for accounts that are added to the organization.
        public let autoEnable: Bool?
        /// Specifies whether the maximum number of Amazon Macie member accounts are part of the organization.
        public let maxAccountLimitReached: Bool?

        @inlinable
        public init(autoEnable: Bool? = nil, maxAccountLimitReached: Bool? = nil) {
            self.autoEnable = autoEnable
            self.maxAccountLimitReached = maxAccountLimitReached
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnable = "autoEnable"
            case maxAccountLimitReached = "maxAccountLimitReached"
        }
    }

    public struct DetectedDataDetails: AWSDecodableShape {
        /// An occurrence of the specified type of sensitive data. Each occurrence contains 1-128 characters.
        public let value: String?

        @inlinable
        public init(value: String? = nil) {
            self.value = value
        }

        private enum CodingKeys: String, CodingKey {
            case value = "value"
        }
    }

    public struct Detection: AWSDecodableShape {
        /// If the sensitive data was detected by a custom data identifier, the Amazon Resource Name (ARN) of the custom data identifier that detected the data. Otherwise, this value is null.
        public let arn: String?
        /// The total number of occurrences of the sensitive data.
        public let count: Int64?
        /// The unique identifier for the custom data identifier or managed data identifier that detected the sensitive data. For additional details about a specified managed data identifier, see Using managed data identifiers in the Amazon Macie User Guide.
        public let id: String?
        /// The name of the custom data identifier or managed data identifier that detected the sensitive data. For a managed data identifier, this value is the same as the unique identifier (id).
        public let name: String?
        /// Specifies whether occurrences of this type of sensitive data are excluded (true) or included (false) in the bucket's sensitivity score, if the score is calculated by Amazon Macie.
        public let suppressed: Bool?
        /// The type of data identifier that detected the sensitive data. Possible values are: CUSTOM, for a custom data identifier; and, MANAGED, for a managed data identifier.
        public let type: DataIdentifierType?

        @inlinable
        public init(arn: String? = nil, count: Int64? = nil, id: String? = nil, name: String? = nil, suppressed: Bool? = nil, type: DataIdentifierType? = nil) {
            self.arn = arn
            self.count = count
            self.id = id
            self.name = name
            self.suppressed = suppressed
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case count = "count"
            case id = "id"
            case name = "name"
            case suppressed = "suppressed"
            case type = "type"
        }
    }

    public struct DisableMacieRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DisableMacieResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DisableOrganizationAdminAccountRequest: AWSEncodableShape {
        /// The Amazon Web Services account ID of the delegated Amazon Macie administrator account.
        public let adminAccountId: String?

        @inlinable
        public init(adminAccountId: String? = nil) {
            self.adminAccountId = adminAccountId
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.adminAccountId, key: "adminAccountId")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DisableOrganizationAdminAccountResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DisassociateFromAdministratorAccountRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DisassociateFromAdministratorAccountResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DisassociateFromMasterAccountRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DisassociateFromMasterAccountResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DisassociateMemberRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String

        @inlinable
        public init(id: String) {
            self.id = id
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DisassociateMemberResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DomainDetails: AWSDecodableShape {
        /// The name of the domain.
        public let domainName: String?

        @inlinable
        public init(domainName: String? = nil) {
            self.domainName = domainName
        }

        private enum CodingKeys: String, CodingKey {
            case domainName = "domainName"
        }
    }

    public struct EnableMacieRequest: AWSEncodableShape {
        /// A unique, case-sensitive token that you provide to ensure the idempotency of the request.
        public let clientToken: String?
        /// Specifies how often to publish updates to policy findings for the account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events).
        public let findingPublishingFrequency: FindingPublishingFrequency?
        /// Specifies the new status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to ENABLED.
        public let status: MacieStatus?

        @inlinable
        public init(clientToken: String? = EnableMacieRequest.idempotencyToken(), findingPublishingFrequency: FindingPublishingFrequency? = nil, status: MacieStatus? = nil) {
            self.clientToken = clientToken
            self.findingPublishingFrequency = findingPublishingFrequency
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case clientToken = "clientToken"
            case findingPublishingFrequency = "findingPublishingFrequency"
            case status = "status"
        }
    }

    public struct EnableMacieResponse: AWSDecodableShape {
        public init() {}
    }

    public struct EnableOrganizationAdminAccountRequest: AWSEncodableShape {
        /// The Amazon Web Services account ID for the account to designate as the delegated Amazon Macie administrator account for the organization.
        public let adminAccountId: String?
        /// A unique, case-sensitive token that you provide to ensure the idempotency of the request.
        public let clientToken: String?

        @inlinable
        public init(adminAccountId: String? = nil, clientToken: String? = EnableOrganizationAdminAccountRequest.idempotencyToken()) {
            self.adminAccountId = adminAccountId
            self.clientToken = clientToken
        }

        private enum CodingKeys: String, CodingKey {
            case adminAccountId = "adminAccountId"
            case clientToken = "clientToken"
        }
    }

    public struct EnableOrganizationAdminAccountResponse: AWSDecodableShape {
        public init() {}
    }

    public struct FederatedUser: AWSDecodableShape {
        /// The Amazon Web Services access key ID that identifies the credentials.
        public let accessKeyId: String?
        /// The unique identifier for the Amazon Web Services account that owns the entity that was used to get the credentials.
        public let accountId: String?
        /// The Amazon Resource Name (ARN) of the entity that was used to get the credentials.
        public let arn: String?
        /// The unique identifier for the entity that was used to get the credentials.
        public let principalId: String?
        /// The details of the session that was created for the credentials, including the entity that issued the session.
        public let sessionContext: SessionContext?

        @inlinable
        public init(accessKeyId: String? = nil, accountId: String? = nil, arn: String? = nil, principalId: String? = nil, sessionContext: SessionContext? = nil) {
            self.accessKeyId = accessKeyId
            self.accountId = accountId
            self.arn = arn
            self.principalId = principalId
            self.sessionContext = sessionContext
        }

        private enum CodingKeys: String, CodingKey {
            case accessKeyId = "accessKeyId"
            case accountId = "accountId"
            case arn = "arn"
            case principalId = "principalId"
            case sessionContext = "sessionContext"
        }
    }

    public struct Finding: AWSDecodableShape {
        /// The unique identifier for the Amazon Web Services account that the finding applies to. This is typically the account that owns the affected resource.
        public let accountId: String?
        /// Specifies whether the finding is archived (suppressed).
        public let archived: Bool?
        /// The category of the finding. Possible values are: CLASSIFICATION, for a sensitive data finding; and, POLICY, for a policy finding.
        public let category: FindingCategory?
        /// The details of a sensitive data finding. This value is null for a policy finding.
        public let classificationDetails: ClassificationDetails?
        /// The total number of occurrences of the finding. For sensitive data findings, this value is always 1. All sensitive data findings are considered unique.
        public let count: Int64?
        /// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie created the finding.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var createdAt: Date?
        /// The description of the finding.
        public let description: String?
        /// The unique identifier for the finding. This is a random string that Amazon Macie generates and assigns to a finding when it creates the finding.
        public let id: String?
        /// The Amazon Web Services partition that Amazon Macie created the finding in.
        public let partition: String?
        /// The details of a policy finding. This value is null for a sensitive data finding.
        public let policyDetails: PolicyDetails?
        /// The Amazon Web Services Region that Amazon Macie created the finding in.
        public let region: String?
        /// The resources that the finding applies to.
        public let resourcesAffected: ResourcesAffected?
        /// Specifies whether the finding is a sample finding. A sample finding is a finding that uses example data to demonstrate what a finding might contain.
        public let sample: Bool?
        /// The version of the schema that was used to define the data structures in the finding.
        public let schemaVersion: String?
        /// The severity level and score for the finding.
        public let severity: Severity?
        /// The brief description of the finding.
        public let title: String?
        /// The type of the finding.
        public let type: FindingType?
        /// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie last updated the finding. For sensitive data findings, this value is the same as the value for the createdAt property. All sensitive data findings are considered new.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var updatedAt: Date?

        @inlinable
        public init(accountId: String? = nil, archived: Bool? = nil, category: FindingCategory? = nil, classificationDetails: ClassificationDetails? = nil, count: Int64? = nil, createdAt: Date? = nil, description: String? = nil, id: String? = nil, partition: String? = nil, policyDetails: PolicyDetails? = nil, region: String? = nil, resourcesAffected: ResourcesAffected? = nil, sample: Bool? = nil, schemaVersion: String? = nil, severity: Severity? = nil, title: String? = nil, type: FindingType? = nil, updatedAt: Date? = nil) {
            self.accountId = accountId
            self.archived = archived
            self.category = category
            self.classificationDetails = classificationDetails
            self.count = count
            self.createdAt = createdAt
            self.description = description
            self.id = id
            self.partition = partition
            self.policyDetails = policyDetails
            self.region = region
            self.resourcesAffected = resourcesAffected
            self.sample = sample
            self.schemaVersion = schemaVersion
            self.severity = severity
            self.title = title
            self.type = type
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case archived = "archived"
            case category = "category"
            case classificationDetails = "classificationDetails"
            case count = "count"
            case createdAt = "createdAt"
            case description = "description"
            case id = "id"
            case partition = "partition"
            case policyDetails = "policyDetails"
            case region = "region"
            case resourcesAffected = "resourcesAffected"
            case sample = "sample"
            case schemaVersion = "schemaVersion"
            case severity = "severity"
            case title = "title"
            case type = "type"
            case updatedAt = "updatedAt"
        }
    }

    public struct FindingAction: AWSDecodableShape {
        /// The type of action that occurred for the affected resource. This value is typically AWS_API_CALL, which indicates that an entity invoked an API operation for the resource.
        public let actionType: FindingActionType?
        /// The invocation details of the API operation that an entity invoked for the affected resource, if the value for the actionType property is AWS_API_CALL.
        public let apiCallDetails: ApiCallDetails?

        @inlinable
        public init(actionType: FindingActionType? = nil, apiCallDetails: ApiCallDetails? = nil) {
            self.actionType = actionType
            self.apiCallDetails = apiCallDetails
        }

        private enum CodingKeys: String, CodingKey {
            case actionType = "actionType"
            case apiCallDetails = "apiCallDetails"
        }
    }

    public struct FindingActor: AWSDecodableShape {
        /// The domain name of the device that the entity used to perform the action on the affected resource.
        public let domainDetails: DomainDetails?
        /// The IP address and related details about the device that the entity used to perform the action on the affected resource. The details can include information such as the owner and geographic location of the IP address.
        public let ipAddressDetails: IpAddressDetails?
        /// The type and other characteristics of the entity that performed the action on the affected resource. This value is null if the action was performed by an anonymous (unauthenticated) entity.
        public let userIdentity: UserIdentity?

        @inlinable
        public init(domainDetails: DomainDetails? = nil, ipAddressDetails: IpAddressDetails? = nil, userIdentity: UserIdentity? = nil) {
            self.domainDetails = domainDetails
            self.ipAddressDetails = ipAddressDetails
            self.userIdentity = userIdentity
        }

        private enum CodingKeys: String, CodingKey {
            case domainDetails = "domainDetails"
            case ipAddressDetails = "ipAddressDetails"
            case userIdentity = "userIdentity"
        }
    }

    public struct FindingCriteria: AWSEncodableShape & AWSDecodableShape {
        /// A condition that specifies the property, operator, and one or more values to use to filter the results.
        public let criterion: [String: CriterionAdditionalProperties]?

        @inlinable
        public init(criterion: [String: CriterionAdditionalProperties]? = nil) {
            self.criterion = criterion
        }

        private enum CodingKeys: String, CodingKey {
            case criterion = "criterion"
        }
    }

    public struct FindingStatisticsSortCriteria: AWSEncodableShape {
        /// The grouping to sort the results by. Valid values are: count, sort the results by the number of findings in each group of results; and, groupKey, sort the results by the name of each group of results.
        public let attributeName: FindingStatisticsSortAttributeName?
        /// The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
        public let orderBy: OrderBy?

        @inlinable
        public init(attributeName: FindingStatisticsSortAttributeName? = nil, orderBy: OrderBy? = nil) {
            self.attributeName = attributeName
            self.orderBy = orderBy
        }

        private enum CodingKeys: String, CodingKey {
            case attributeName = "attributeName"
            case orderBy = "orderBy"
        }
    }

    public struct FindingsFilterListItem: AWSDecodableShape {
        /// The action that's performed on findings that match the filter criteria. Possible values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.
        public let action: FindingsFilterAction?
        /// The Amazon Resource Name (ARN) of the filter.
        public let arn: String?
        /// The unique identifier for the filter.
        public let id: String?
        /// The custom name of the filter.
        public let name: String?
        /// A map of key-value pairs that specifies which tags (keys and values) are associated with the filter.
        public let tags: [String: String]?

        @inlinable
        public init(action: FindingsFilterAction? = nil, arn: String? = nil, id: String? = nil, name: String? = nil, tags: [String: String]? = nil) {
            self.action = action
            self.arn = arn
            self.id = id
            self.name = name
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case action = "action"
            case arn = "arn"
            case id = "id"
            case name = "name"
            case tags = "tags"
        }
    }

    public struct GetAdministratorAccountRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetAdministratorAccountResponse: AWSDecodableShape {
        /// The Amazon Web Services account ID for the administrator account. If the accounts are associated by an Amazon Macie membership invitation, this object also provides details about the invitation that was sent to establish the relationship between the accounts.
        public let administrator: Invitation?

        @inlinable
        public init(administrator: Invitation? = nil) {
            self.administrator = administrator
        }

        private enum CodingKeys: String, CodingKey {
            case administrator = "administrator"
        }
    }

    public struct GetAllowListRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String

        @inlinable
        public init(id: String) {
            self.id = id
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetAllowListResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the allow list.
        public let arn: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the allow list was created in Amazon Macie.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var createdAt: Date?
        /// The criteria that specify the text or text pattern to ignore. The criteria can be the location and name of an S3 object that lists specific text to ignore (s3WordsList), or a regular expression (regex) that defines a text pattern to ignore.
        public let criteria: AllowListCriteria?
        /// The custom description of the allow list.
        public let description: String?
        /// The unique identifier for the allow list.
        public let id: String?
        /// The custom name of the allow list.
        public let name: String?
        /// The current status of the allow list, which indicates whether Amazon Macie can access and use the list's criteria.
        public let status: AllowListStatus?
        /// A map of key-value pairs that specifies which tags (keys and values) are associated with the allow list.
        public let tags: [String: String]?
        /// The date and time, in UTC and extended ISO 8601 format, when the allow list's settings were most recently changed in Amazon Macie.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var updatedAt: Date?

        @inlinable
        public init(arn: String? = nil, createdAt: Date? = nil, criteria: AllowListCriteria? = nil, description: String? = nil, id: String? = nil, name: String? = nil, status: AllowListStatus? = nil, tags: [String: String]? = nil, updatedAt: Date? = nil) {
            self.arn = arn
            self.createdAt = createdAt
            self.criteria = criteria
            self.description = description
            self.id = id
            self.name = name
            self.status = status
            self.tags = tags
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case createdAt = "createdAt"
            case criteria = "criteria"
            case description = "description"
            case id = "id"
            case name = "name"
            case status = "status"
            case tags = "tags"
            case updatedAt = "updatedAt"
        }
    }

    public struct GetAutomatedDiscoveryConfigurationRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetAutomatedDiscoveryConfigurationResponse: AWSDecodableShape {
        /// Specifies whether automated sensitive data discovery is enabled automatically for accounts in the organization. Possible values are: ALL, enable it for all existing accounts and new member accounts; NEW, enable it only for new member accounts; and, NONE, don't enable it for any accounts.
        public let autoEnableOrganizationMembers: AutoEnableMode?
        /// The unique identifier for the classification scope that's used when performing automated sensitive data discovery. The classification scope specifies S3 buckets to exclude from analyses.
        public let classificationScopeId: String?
        /// The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was most recently disabled. This value is null if automated sensitive data discovery is currently enabled.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var disabledAt: Date?
        /// The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was initially enabled. This value is null if automated sensitive data discovery has never been enabled.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var firstEnabledAt: Date?
        /// The date and time, in UTC and extended ISO 8601 format, when the configuration settings or status of automated sensitive data discovery was most recently changed.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var lastUpdatedAt: Date?
        /// The unique identifier for the sensitivity inspection template that's used when performing automated sensitive data discovery. The template specifies which allow lists, custom data identifiers, and managed data identifiers to use when analyzing data.
        public let sensitivityInspectionTemplateId: String?
        /// The current status of automated sensitive data discovery for the organization or account. Possible values are: ENABLED, use the specified settings to perform automated sensitive data discovery activities; and, DISABLED, don't perform automated sensitive data discovery activities.
        public let status: AutomatedDiscoveryStatus?

        @inlinable
        public init(autoEnableOrganizationMembers: AutoEnableMode? = nil, classificationScopeId: String? = nil, disabledAt: Date? = nil, firstEnabledAt: Date? = nil, lastUpdatedAt: Date? = nil, sensitivityInspectionTemplateId: String? = nil, status: AutomatedDiscoveryStatus? = nil) {
            self.autoEnableOrganizationMembers = autoEnableOrganizationMembers
            self.classificationScopeId = classificationScopeId
            self.disabledAt = disabledAt
            self.firstEnabledAt = firstEnabledAt
            self.lastUpdatedAt = lastUpdatedAt
            self.sensitivityInspectionTemplateId = sensitivityInspectionTemplateId
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnableOrganizationMembers = "autoEnableOrganizationMembers"
            case classificationScopeId = "classificationScopeId"
            case disabledAt = "disabledAt"
            case firstEnabledAt = "firstEnabledAt"
            case lastUpdatedAt = "lastUpdatedAt"
            case sensitivityInspectionTemplateId = "sensitivityInspectionTemplateId"
            case status = "status"
        }
    }

    public struct GetBucketStatisticsRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Web Services account.
        public let accountId: String?

        @inlinable
        public init(accountId: String? = nil) {
            self.accountId = accountId
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
        }
    }

    public struct GetBucketStatisticsResponse: AWSDecodableShape {
        /// The total number of buckets.
        public let bucketCount: Int64?
        /// The total number of buckets that are publicly accessible due to a combination of permissions settings for each bucket.
        public let bucketCountByEffectivePermission: BucketCountByEffectivePermission?
        /// The total number of buckets whose settings do or don't specify default server-side encryption behavior for objects that are added to the buckets.
        public let bucketCountByEncryptionType: BucketCountByEncryptionType?
        /// The total number of buckets whose bucket policies do or don't require server-side encryption of objects when objects are added to the buckets.
        public let bucketCountByObjectEncryptionRequirement: BucketCountPolicyAllowsUnencryptedObjectUploads?
        /// The total number of buckets that are or aren't shared with other Amazon Web Services accounts, Amazon CloudFront origin access identities (OAIs), or CloudFront origin access controls (OACs).
        public let bucketCountBySharedAccessType: BucketCountBySharedAccessType?
        /// The aggregated sensitive data discovery statistics for the buckets. If automated sensitive data discovery is currently disabled for your account, the value for most statistics is 0.
        public let bucketStatisticsBySensitivity: BucketStatisticsBySensitivity?
        /// The total number of objects that Amazon Macie can analyze in the buckets. These objects use a supported storage class and have a file name extension for a supported file or storage format.
        public let classifiableObjectCount: Int64?
        /// The total storage size, in bytes, of all the objects that Amazon Macie can analyze in the buckets. These objects use a supported storage class and have a file name extension for a supported file or storage format. If versioning is enabled for any of the buckets, this value is based on the size of the latest version of each applicable object in the buckets. This value doesn't reflect the storage size of all versions of all applicable objects in the buckets.
        public let classifiableSizeInBytes: Int64?
        /// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved bucket or object metadata from Amazon S3 for the buckets.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var lastUpdated: Date?
        /// The total number of objects in the buckets.
        public let objectCount: Int64?
        /// The total storage size, in bytes, of the buckets. If versioning is enabled for any of the buckets, this value is based on the size of the latest version of each object in the buckets. This value doesn't reflect the storage size of all versions of the objects in the buckets.
        public let sizeInBytes: Int64?
        /// The total storage size, in bytes, of the objects that are compressed (.gz, .gzip, .zip) files in the buckets. If versioning is enabled for any of the buckets, this value is based on the size of the latest version of each applicable object in the buckets. This value doesn't reflect the storage size of all versions of the applicable objects in the buckets.
        public let sizeInBytesCompressed: Int64?
        /// The total number of objects that Amazon Macie can't analyze in the buckets. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
        public let unclassifiableObjectCount: ObjectLevelStatistics?
        /// The total storage size, in bytes, of the objects that Amazon Macie can't analyze in the buckets. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
        public let unclassifiableObjectSizeInBytes: ObjectLevelStatistics?

        @inlinable
        public init(bucketCount: Int64? = nil, bucketCountByEffectivePermission: BucketCountByEffectivePermission? = nil, bucketCountByEncryptionType: BucketCountByEncryptionType? = nil, bucketCountByObjectEncryptionRequirement: BucketCountPolicyAllowsUnencryptedObjectUploads? = nil, bucketCountBySharedAccessType: BucketCountBySharedAccessType? = nil, bucketStatisticsBySensitivity: BucketStatisticsBySensitivity? = nil, classifiableObjectCount: Int64? = nil, classifiableSizeInBytes: Int64? = nil, lastUpdated: Date? = nil, objectCount: Int64? = nil, sizeInBytes: Int64? = nil, sizeInBytesCompressed: Int64? = nil, unclassifiableObjectCount: ObjectLevelStatistics? = nil, unclassifiableObjectSizeInBytes: ObjectLevelStatistics? = nil) {
            self.bucketCount = bucketCount
            self.bucketCountByEffectivePermission = bucketCountByEffectivePermission
            self.bucketCountByEncryptionType = bucketCountByEncryptionType
            self.bucketCountByObjectEncryptionRequirement = bucketCountByObjectEncryptionRequirement
            self.bucketCountBySharedAccessType = bucketCountBySharedAccessType
            self.bucketStatisticsBySensitivity = bucketStatisticsBySensitivity
            self.classifiableObjectCount = classifiableObjectCount
            self.classifiableSizeInBytes = classifiableSizeInBytes
            self.lastUpdated = lastUpdated
            self.objectCount = objectCount
            self.sizeInBytes = sizeInBytes
            self.sizeInBytesCompressed = sizeInBytesCompressed
            self.unclassifiableObjectCount = unclassifiableObjectCount
            self.unclassifiableObjectSizeInBytes = unclassifiableObjectSizeInBytes
        }

        private enum CodingKeys: String, CodingKey {
            case bucketCount = "bucketCount"
            case bucketCountByEffectivePermission = "bucketCountByEffectivePermission"
            case bucketCountByEncryptionType = "bucketCountByEncryptionType"
            case bucketCountByObjectEncryptionRequirement = "bucketCountByObjectEncryptionRequirement"
            case bucketCountBySharedAccessType = "bucketCountBySharedAccessType"
            case bucketStatisticsBySensitivity = "bucketStatisticsBySensitivity"
            case classifiableObjectCount = "classifiableObjectCount"
            case classifiableSizeInBytes = "classifiableSizeInBytes"
            case lastUpdated = "lastUpdated"
            case objectCount = "objectCount"
            case sizeInBytes = "sizeInBytes"
            case sizeInBytesCompressed = "sizeInBytesCompressed"
            case unclassifiableObjectCount = "unclassifiableObjectCount"
            case unclassifiableObjectSizeInBytes = "unclassifiableObjectSizeInBytes"
        }
    }

    public struct GetClassificationExportConfigurationRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetClassificationExportConfigurationResponse: AWSDecodableShape {
        /// The location where data classification results are stored, and the encryption settings that are used when storing results in that location.
        public let configuration: ClassificationExportConfiguration?

        @inlinable
        public init(configuration: ClassificationExportConfiguration? = nil) {
            self.configuration = configuration
        }

        private enum CodingKeys: String, CodingKey {
            case configuration = "configuration"
        }
    }

    public struct GetClassificationScopeRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String

        @inlinable
        public init(id: String) {
            self.id = id
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetClassificationScopeResponse: AWSDecodableShape {
        /// The unique identifier for the classification scope.
        public let id: String?
        /// The name of the classification scope: automated-sensitive-data-discovery.
        public let name: String?
        /// The S3 buckets that are excluded from automated sensitive data discovery.
        public let s3: S3ClassificationScope?

        @inlinable
        public init(id: String? = nil, name: String? = nil, s3: S3ClassificationScope? = nil) {
            self.id = id
            self.name = name
            self.s3 = s3
        }

        private enum CodingKeys: String, CodingKey {
            case id = "id"
            case name = "name"
            case s3 = "s3"
        }
    }

    public struct GetCustomDataIdentifierRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String

        @inlinable
        public init(id: String) {
            self.id = id
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetCustomDataIdentifierResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the custom data identifier.
        public let arn: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var createdAt: Date?
        /// Specifies whether the custom data identifier was deleted. If you delete a custom data identifier, Amazon Macie doesn't delete it permanently. Instead, it soft deletes the identifier.
        public let deleted: Bool?
        /// The custom description of the custom data identifier.
        public let description: String?
        /// The unique identifier for the custom data identifier.
        public let id: String?
        /// An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression contains any string in this array, Amazon Macie ignores it. Ignore words are case sensitive.
        public let ignoreWords: [String]?
        /// An array that lists specific character sequences (keywords), one of which must precede and be within proximity (maximumMatchDistance) of the regular expression to match. Keywords aren't case sensitive.
        public let keywords: [String]?
        /// The maximum number of characters that can exist between the end of at least one complete character sequence specified by the keywords array and the end of the text that matches the regex pattern. If a complete keyword precedes all the text that matches the pattern and the keyword is within the specified distance, Amazon Macie includes the result. Otherwise, Macie excludes the result.
        public let maximumMatchDistance: Int?
        /// The custom name of the custom data identifier.
        public let name: String?
        /// The regular expression (regex) that defines the pattern to match.
        public let regex: String?
        /// Specifies the severity that's assigned to findings that the custom data identifier produces, based on the number of occurrences of text that match the custom data identifier's detection criteria. By default, Amazon Macie creates findings for S3 objects that contain at least one occurrence of text that matches the detection criteria, and Macie assigns the MEDIUM severity to those findings.
        public let severityLevels: [SeverityLevel]?
        /// A map of key-value pairs that identifies the tags (keys and values) that are associated with the custom data identifier.
        public let tags: [String: String]?

        @inlinable
        public init(arn: String? = nil, createdAt: Date? = nil, deleted: Bool? = nil, description: String? = nil, id: String? = nil, ignoreWords: [String]? = nil, keywords: [String]? = nil, maximumMatchDistance: Int? = nil, name: String? = nil, regex: String? = nil, severityLevels: [SeverityLevel]? = nil, tags: [String: String]? = nil) {
            self.arn = arn
            self.createdAt = createdAt
            self.deleted = deleted
            self.description = description
            self.id = id
            self.ignoreWords = ignoreWords
            self.keywords = keywords
            self.maximumMatchDistance = maximumMatchDistance
            self.name = name
            self.regex = regex
            self.severityLevels = severityLevels
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case createdAt = "createdAt"
            case deleted = "deleted"
            case description = "description"
            case id = "id"
            case ignoreWords = "ignoreWords"
            case keywords = "keywords"
            case maximumMatchDistance = "maximumMatchDistance"
            case name = "name"
            case regex = "regex"
            case severityLevels = "severityLevels"
            case tags = "tags"
        }
    }

    public struct GetFindingStatisticsRequest: AWSEncodableShape {
        /// The criteria to use to filter the query results.
        public let findingCriteria: FindingCriteria?
        /// The finding property to use to group the query results. Valid values are: classificationDetails.jobId - The unique identifier for the classification job that produced the finding. resourcesAffected.s3Bucket.name - The name of the S3 bucket that the finding applies to. severity.description - The severity level of the finding, such as High or Medium. type - The type of finding, such as Policy:IAMUser/S3BucketPublic and SensitiveData:S3Object/Personal.
        public let groupBy: GroupBy?
        /// The maximum number of items to include in each page of the response.
        public let size: Int?
        /// The criteria to use to sort the query results.
        public let sortCriteria: FindingStatisticsSortCriteria?

        @inlinable
        public init(findingCriteria: FindingCriteria? = nil, groupBy: GroupBy? = nil, size: Int? = nil, sortCriteria: FindingStatisticsSortCriteria? = nil) {
            self.findingCriteria = findingCriteria
            self.groupBy = groupBy
            self.size = size
            self.sortCriteria = sortCriteria
        }

        private enum CodingKeys: String, CodingKey {
            case findingCriteria = "findingCriteria"
            case groupBy = "groupBy"
            case size = "size"
            case sortCriteria = "sortCriteria"
        }
    }

    public struct GetFindingStatisticsResponse: AWSDecodableShape {
        /// An array of objects, one for each group of findings that matches the filter criteria specified in the request.
        public let countsByGroup: [GroupCount]?

        @inlinable
        public init(countsByGroup: [GroupCount]? = nil) {
            self.countsByGroup = countsByGroup
        }

        private enum CodingKeys: String, CodingKey {
            case countsByGroup = "countsByGroup"
        }
    }

    public struct GetFindingsFilterRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String

        @inlinable
        public init(id: String) {
            self.id = id
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetFindingsFilterResponse: AWSDecodableShape {
        /// The action that's performed on findings that match the filter criteria (findingCriteria). Possible values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.
        public let action: FindingsFilterAction?
        /// The Amazon Resource Name (ARN) of the filter.
        public let arn: String?
        /// The custom description of the filter.
        public let description: String?
        /// The criteria that's used to filter findings.
        public let findingCriteria: FindingCriteria?
        /// The unique identifier for the filter.
        public let id: String?
        /// The custom name of the filter.
        public let name: String?
        /// The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.
        public let position: Int?
        /// A map of key-value pairs that specifies which tags (keys and values) are associated with the filter.
        public let tags: [String: String]?

        @inlinable
        public init(action: FindingsFilterAction? = nil, arn: String? = nil, description: String? = nil, findingCriteria: FindingCriteria? = nil, id: String? = nil, name: String? = nil, position: Int? = nil, tags: [String: String]? = nil) {
            self.action = action
            self.arn = arn
            self.description = description
            self.findingCriteria = findingCriteria
            self.id = id
            self.name = name
            self.position = position
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case action = "action"
            case arn = "arn"
            case description = "description"
            case findingCriteria = "findingCriteria"
            case id = "id"
            case name = "name"
            case position = "position"
            case tags = "tags"
        }
    }

    public struct GetFindingsPublicationConfigurationRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetFindingsPublicationConfigurationResponse: AWSDecodableShape {
        /// The configuration settings that determine which findings are published to Security Hub.
        public let securityHubConfiguration: SecurityHubConfiguration?

        @inlinable
        public init(securityHubConfiguration: SecurityHubConfiguration? = nil) {
            self.securityHubConfiguration = securityHubConfiguration
        }

        private enum CodingKeys: String, CodingKey {
            case securityHubConfiguration = "securityHubConfiguration"
        }
    }

    public struct GetFindingsRequest: AWSEncodableShape {
        /// An array of strings that lists the unique identifiers for the findings to retrieve. You can specify as many as 50 unique identifiers in this array.
        public let findingIds: [String]?
        /// The criteria for sorting the results of the request.
        public let sortCriteria: SortCriteria?

        @inlinable
        public init(findingIds: [String]? = nil, sortCriteria: SortCriteria? = nil) {
            self.findingIds = findingIds
            self.sortCriteria = sortCriteria
        }

        private enum CodingKeys: String, CodingKey {
            case findingIds = "findingIds"
            case sortCriteria = "sortCriteria"
        }
    }

    public struct GetFindingsResponse: AWSDecodableShape {
        /// An array of objects, one for each finding that matches the criteria specified in the request.
        public let findings: [Finding]?

        @inlinable
        public init(findings: [Finding]? = nil) {
            self.findings = findings
        }

        private enum CodingKeys: String, CodingKey {
            case findings = "findings"
        }
    }

    public struct GetInvitationsCountRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetInvitationsCountResponse: AWSDecodableShape {
        /// The total number of invitations that were received by the account, not including the currently accepted invitation.
        public let invitationsCount: Int64?

        @inlinable
        public init(invitationsCount: Int64? = nil) {
            self.invitationsCount = invitationsCount
        }

        private enum CodingKeys: String, CodingKey {
            case invitationsCount = "invitationsCount"
        }
    }

    public struct GetMacieSessionRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetMacieSessionResponse: AWSDecodableShape {
        /// The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie account was created.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var createdAt: Date?
        /// The frequency with which Amazon Macie publishes updates to policy findings for the account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events).
        public let findingPublishingFrequency: FindingPublishingFrequency?
        /// The Amazon Resource Name (ARN) of the service-linked role that allows Amazon Macie to monitor and analyze data in Amazon Web Services resources for the account.
        public let serviceRole: String?
        /// The current status of the Amazon Macie account. Possible values are: PAUSED, the account is enabled but all Macie activities are suspended (paused) for the account; and, ENABLED, the account is enabled and all Macie activities are enabled for the account.
        public let status: MacieStatus?
        /// The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status or configuration settings for the Amazon Macie account.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var updatedAt: Date?

        @inlinable
        public init(createdAt: Date? = nil, findingPublishingFrequency: FindingPublishingFrequency? = nil, serviceRole: String? = nil, status: MacieStatus? = nil, updatedAt: Date? = nil) {
            self.createdAt = createdAt
            self.findingPublishingFrequency = findingPublishingFrequency
            self.serviceRole = serviceRole
            self.status = status
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case createdAt = "createdAt"
            case findingPublishingFrequency = "findingPublishingFrequency"
            case serviceRole = "serviceRole"
            case status = "status"
            case updatedAt = "updatedAt"
        }
    }

    public struct GetMasterAccountRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetMasterAccountResponse: AWSDecodableShape {
        /// (Deprecated) The Amazon Web Services account ID for the administrator account. If the accounts are associated by a Macie membership invitation, this object also provides details about the invitation that was sent to establish the relationship between the accounts.
        public let master: Invitation?

        @inlinable
        public init(master: Invitation? = nil) {
            self.master = master
        }

        private enum CodingKeys: String, CodingKey {
            case master = "master"
        }
    }

    public struct GetMemberRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String

        @inlinable
        public init(id: String) {
            self.id = id
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetMemberResponse: AWSDecodableShape {
        /// The Amazon Web Services account ID for the account.
        public let accountId: String?
        /// The Amazon Web Services account ID for the administrator account.
        public let administratorAccountId: String?
        /// The Amazon Resource Name (ARN) of the account.
        public let arn: String?
        /// The email address for the account. This value is null if the account is associated with the administrator account through Organizations.
        public let email: String?
        /// The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie membership invitation hasn't been sent to the account.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var invitedAt: Date?
        /// (Deprecated) The Amazon Web Services account ID for the administrator account. This property has been replaced by the administratorAccountId property and is retained only for backward compatibility.
        public let masterAccountId: String?
        /// The current status of the relationship between the account and the administrator account.
        public let relationshipStatus: RelationshipStatus?
        /// A map of key-value pairs that specifies which tags (keys and values) are associated with the account in Amazon Macie.
        public let tags: [String: String]?
        /// The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the relationship between the account and the administrator account.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var updatedAt: Date?

        @inlinable
        public init(accountId: String? = nil, administratorAccountId: String? = nil, arn: String? = nil, email: String? = nil, invitedAt: Date? = nil, masterAccountId: String? = nil, relationshipStatus: RelationshipStatus? = nil, tags: [String: String]? = nil, updatedAt: Date? = nil) {
            self.accountId = accountId
            self.administratorAccountId = administratorAccountId
            self.arn = arn
            self.email = email
            self.invitedAt = invitedAt
            self.masterAccountId = masterAccountId
            self.relationshipStatus = relationshipStatus
            self.tags = tags
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case administratorAccountId = "administratorAccountId"
            case arn = "arn"
            case email = "email"
            case invitedAt = "invitedAt"
            case masterAccountId = "masterAccountId"
            case relationshipStatus = "relationshipStatus"
            case tags = "tags"
            case updatedAt = "updatedAt"
        }
    }

    public struct GetResourceProfileRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the S3 bucket that the request applies to.
        public let resourceArn: String?

        @inlinable
        public init(resourceArn: String? = nil) {
            self.resourceArn = resourceArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.resourceArn, key: "resourceArn")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetResourceProfileResponse: AWSDecodableShape {
        /// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently recalculated sensitive data discovery statistics and details for the bucket. If the bucket's sensitivity score is calculated automatically, this includes the score.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var profileUpdatedAt: Date?
        /// The current sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive). By default, this score is calculated automatically based on the amount of data that Amazon Macie has analyzed in the bucket and the amount of sensitive data that Macie has found in the bucket.
        public let sensitivityScore: Int?
        /// Specifies whether the bucket's current sensitivity score was set manually. If this value is true, the score was manually changed to 100. If this value is false, the score was calculated automatically by Amazon Macie.
        public let sensitivityScoreOverridden: Bool?
        /// The sensitive data discovery statistics for the bucket. The statistics capture the results of automated sensitive data discovery activities that Amazon Macie has performed for the bucket.
        public let statistics: ResourceStatistics?

        @inlinable
        public init(profileUpdatedAt: Date? = nil, sensitivityScore: Int? = nil, sensitivityScoreOverridden: Bool? = nil, statistics: ResourceStatistics? = nil) {
            self.profileUpdatedAt = profileUpdatedAt
            self.sensitivityScore = sensitivityScore
            self.sensitivityScoreOverridden = sensitivityScoreOverridden
            self.statistics = statistics
        }

        private enum CodingKeys: String, CodingKey {
            case profileUpdatedAt = "profileUpdatedAt"
            case sensitivityScore = "sensitivityScore"
            case sensitivityScoreOverridden = "sensitivityScoreOverridden"
            case statistics = "statistics"
        }
    }

    public struct GetRevealConfigurationRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetRevealConfigurationResponse: AWSDecodableShape {
        /// The KMS key that's used to encrypt the sensitive data, and the status of the configuration for the Amazon Macie account.
        public let configuration: RevealConfiguration?
        /// The access method and settings that are used to retrieve the sensitive data.
        public let retrievalConfiguration: RetrievalConfiguration?

        @inlinable
        public init(configuration: RevealConfiguration? = nil, retrievalConfiguration: RetrievalConfiguration? = nil) {
            self.configuration = configuration
            self.retrievalConfiguration = retrievalConfiguration
        }

        private enum CodingKeys: String, CodingKey {
            case configuration = "configuration"
            case retrievalConfiguration = "retrievalConfiguration"
        }
    }

    public struct GetSensitiveDataOccurrencesAvailabilityRequest: AWSEncodableShape {
        /// The unique identifier for the finding.
        public let findingId: String

        @inlinable
        public init(findingId: String) {
            self.findingId = findingId
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.findingId, key: "findingId")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetSensitiveDataOccurrencesAvailabilityResponse: AWSDecodableShape {
        /// Specifies whether occurrences of sensitive data can be retrieved for the finding. Possible values are: AVAILABLE, the sensitive data can be retrieved; and, UNAVAILABLE, the sensitive data can't be retrieved. If this value is UNAVAILABLE, the reasons array indicates why the data can't be retrieved.
        public let code: AvailabilityCode?
        /// Specifies why occurrences of sensitive data can't be retrieved for the finding. Possible values are: ACCOUNT_NOT_IN_ORGANIZATION - The affected account isn't currently part of your organization. Or the account is part of your organization but Macie isn't currently enabled for the account. You're not allowed to access the affected S3 object by using Macie. INVALID_CLASSIFICATION_RESULT - There isn't a corresponding sensitive data discovery result for the finding. Or the corresponding sensitive data discovery result isn't available in the current Amazon Web Services Region, is malformed or corrupted, or uses an unsupported storage format. Macie can't verify the location of the sensitive data to retrieve. INVALID_RESULT_SIGNATURE - The corresponding sensitive data discovery result is stored in an S3 object that wasn't signed by Macie. Macie can't verify the integrity and authenticity of the sensitive data discovery result. Therefore, Macie can't verify the location of the sensitive data to retrieve. MEMBER_ROLE_TOO_PERMISSIVE - The trust or permissions policy for the IAM role in the affected member account doesn't meet Macie requirements for restricting access to the role. Or the role's trust policy doesn't specify the correct external ID for your organization. Macie can't assume the role to retrieve the sensitive data. MISSING_GET_MEMBER_PERMISSION - You're not allowed to retrieve information about the association between your account and the affected account. Macie can't determine whether you’re allowed to access the affected S3 object as the delegated Macie administrator for the affected account. OBJECT_EXCEEDS_SIZE_QUOTA - The storage size of the affected S3 object exceeds the size quota for retrieving occurrences of sensitive data from this type of file. OBJECT_UNAVAILABLE - The affected S3 object isn't available. The object was renamed, moved, deleted, or changed after Macie created the finding. Or the object is encrypted with an KMS key that isn’t available. For example, the key is disabled, is scheduled for deletion, or was deleted. RESULT_NOT_SIGNED - The corresponding sensitive data discovery result is stored in an S3 object that hasn't been signed. Macie can't verify the integrity and authenticity of the sensitive data discovery result. Therefore, Macie can't verify the location of the sensitive data to retrieve. ROLE_TOO_PERMISSIVE - Your account is configured to retrieve occurrences of sensitive data by using an IAM role whose trust or permissions policy doesn't meet Macie requirements for restricting access to the role. Macie can’t assume the role to retrieve the sensitive data. UNSUPPORTED_FINDING_TYPE - The specified finding isn't a sensitive data finding. UNSUPPORTED_OBJECT_TYPE - The affected S3 object uses a file or storage format that Macie doesn't support for retrieving occurrences of sensitive data. This value is null if sensitive data can be retrieved for the finding.
        public let reasons: [UnavailabilityReasonCode]?

        @inlinable
        public init(code: AvailabilityCode? = nil, reasons: [UnavailabilityReasonCode]? = nil) {
            self.code = code
            self.reasons = reasons
        }

        private enum CodingKeys: String, CodingKey {
            case code = "code"
            case reasons = "reasons"
        }
    }

    public struct GetSensitiveDataOccurrencesRequest: AWSEncodableShape {
        /// The unique identifier for the finding.
        public let findingId: String

        @inlinable
        public init(findingId: String) {
            self.findingId = findingId
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.findingId, key: "findingId")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetSensitiveDataOccurrencesResponse: AWSDecodableShape {
        /// If an error occurred when Amazon Macie attempted to retrieve occurrences of sensitive data reported by the finding, a description of the error that occurred. This value is null if the status (status) of the request is PROCESSING or SUCCESS.
        public let error: String?
        /// A map that specifies 1-100 types of sensitive data reported by the finding and, for each type, 1-10 occurrences of sensitive data.
        public let sensitiveDataOccurrences: [String: [DetectedDataDetails]]?
        /// The status of the request to retrieve occurrences of sensitive data reported by the finding. Possible values are: ERROR - An error occurred when Amazon Macie attempted to locate, retrieve, or encrypt the sensitive data. The error value indicates the nature of the error that occurred. PROCESSING - Macie is processing the request. SUCCESS - Macie successfully located, retrieved, and encrypted the sensitive data.
        public let status: RevealRequestStatus?

        @inlinable
        public init(error: String? = nil, sensitiveDataOccurrences: [String: [DetectedDataDetails]]? = nil, status: RevealRequestStatus? = nil) {
            self.error = error
            self.sensitiveDataOccurrences = sensitiveDataOccurrences
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case sensitiveDataOccurrences = "sensitiveDataOccurrences"
            case status = "status"
        }
    }

    public struct GetSensitivityInspectionTemplateRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String

        @inlinable
        public init(id: String) {
            self.id = id
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetSensitivityInspectionTemplateResponse: AWSDecodableShape {
        /// The custom description of the template.
        public let description: String?
        /// The managed data identifiers that are explicitly excluded (not used) when performing automated sensitive data discovery.
        public let excludes: SensitivityInspectionTemplateExcludes?
        /// The allow lists, custom data identifiers, and managed data identifiers that are explicitly included (used) when performing automated sensitive data discovery.
        public let includes: SensitivityInspectionTemplateIncludes?
        /// The name of the template: automated-sensitive-data-discovery.
        public let name: String?
        /// The unique identifier for the template.
        public let sensitivityInspectionTemplateId: String?

        @inlinable
        public init(description: String? = nil, excludes: SensitivityInspectionTemplateExcludes? = nil, includes: SensitivityInspectionTemplateIncludes? = nil, name: String? = nil, sensitivityInspectionTemplateId: String? = nil) {
            self.description = description
            self.excludes = excludes
            self.includes = includes
            self.name = name
            self.sensitivityInspectionTemplateId = sensitivityInspectionTemplateId
        }

        private enum CodingKeys: String, CodingKey {
            case description = "description"
            case excludes = "excludes"
            case includes = "includes"
            case name = "name"
            case sensitivityInspectionTemplateId = "sensitivityInspectionTemplateId"
        }
    }

    public struct GetUsageStatisticsRequest: AWSEncodableShape {
        /// An array of objects, one for each condition to use to filter the query results. If you specify more than one condition, Amazon Macie uses an AND operator to join the conditions.
        public let filterBy: [UsageStatisticsFilter]?
        /// The maximum number of items to include in each page of the response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?
        /// The criteria to use to sort the query results.
        public let sortBy: UsageStatisticsSortBy?
        /// The inclusive time period to query usage data for. Valid values are: MONTH_TO_DATE, for the current calendar month to date; and, PAST_30_DAYS, for the preceding 30 days. If you don't specify a value, Amazon Macie provides usage data for the preceding 30 days.
        public let timeRange: TimeRange?

        @inlinable
        public init(filterBy: [UsageStatisticsFilter]? = nil, maxResults: Int? = nil, nextToken: String? = nil, sortBy: UsageStatisticsSortBy? = nil, timeRange: TimeRange? = nil) {
            self.filterBy = filterBy
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.sortBy = sortBy
            self.timeRange = timeRange
        }

        private enum CodingKeys: String, CodingKey {
            case filterBy = "filterBy"
            case maxResults = "maxResults"
            case nextToken = "nextToken"
            case sortBy = "sortBy"
            case timeRange = "timeRange"
        }
    }

    public struct GetUsageStatisticsResponse: AWSDecodableShape {
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?
        /// An array of objects that contains the results of the query. Each object contains the data for an account that matches the filter criteria specified in the request.
        public let records: [UsageRecord]?
        /// The inclusive time period that the usage data applies to. Possible values are: MONTH_TO_DATE, for the current calendar month to date; and, PAST_30_DAYS, for the preceding 30 days.
        public let timeRange: TimeRange?

        @inlinable
        public init(nextToken: String? = nil, records: [UsageRecord]? = nil, timeRange: TimeRange? = nil) {
            self.nextToken = nextToken
            self.records = records
            self.timeRange = timeRange
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "nextToken"
            case records = "records"
            case timeRange = "timeRange"
        }
    }

    public struct GetUsageTotalsRequest: AWSEncodableShape {
        /// The inclusive time period to retrieve the data for. Valid values are: MONTH_TO_DATE, for the current calendar month to date; and, PAST_30_DAYS, for the preceding 30 days. If you don't specify a value for this parameter, Amazon Macie provides aggregated usage data for the preceding 30 days.
        public let timeRange: String?

        @inlinable
        public init(timeRange: String? = nil) {
            self.timeRange = timeRange
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.timeRange, key: "timeRange")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetUsageTotalsResponse: AWSDecodableShape {
        /// The inclusive time period that the usage data applies to. Possible values are: MONTH_TO_DATE, for the current calendar month to date; and, PAST_30_DAYS, for the preceding 30 days.
        public let timeRange: TimeRange?
        /// An array of objects that contains the results of the query. Each object contains the data for a specific usage metric.
        public let usageTotals: [UsageTotal]?

        @inlinable
        public init(timeRange: TimeRange? = nil, usageTotals: [UsageTotal]? = nil) {
            self.timeRange = timeRange
            self.usageTotals = usageTotals
        }

        private enum CodingKeys: String, CodingKey {
            case timeRange = "timeRange"
            case usageTotals = "usageTotals"
        }
    }

    public struct GroupCount: AWSDecodableShape {
        /// The total number of findings in the group of query results.
        public let count: Int64?
        /// The name of the property that defines the group in the query results, as specified by the groupBy property in the query request.
        public let groupKey: String?

        @inlinable
        public init(count: Int64? = nil, groupKey: String? = nil) {
            self.count = count
            self.groupKey = groupKey
        }

        private enum CodingKeys: String, CodingKey {
            case count = "count"
            case groupKey = "groupKey"
        }
    }

    public struct IamUser: AWSDecodableShape {
        /// The unique identifier for the Amazon Web Services account that's associated with the IAM user who performed the action.
        public let accountId: String?
        /// The Amazon Resource Name (ARN) of the principal that performed the action. The last section of the ARN contains the name of the user who performed the action.
        public let arn: String?
        /// The unique identifier for the IAM user who performed the action.
        public let principalId: String?
        /// The username of the IAM user who performed the action.
        public let userName: String?

        @inlinable
        public init(accountId: String? = nil, arn: String? = nil, principalId: String? = nil, userName: String? = nil) {
            self.accountId = accountId
            self.arn = arn
            self.principalId = principalId
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case arn = "arn"
            case principalId = "principalId"
            case userName = "userName"
        }
    }

    public struct Invitation: AWSDecodableShape {
        /// The Amazon Web Services account ID for the account that sent the invitation.
        public let accountId: String?
        /// The unique identifier for the invitation.
        public let invitationId: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the invitation was sent.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var invitedAt: Date?
        /// The status of the relationship between the account that sent the invitation and the account that received the invitation.
        public let relationshipStatus: RelationshipStatus?

        @inlinable
        public init(accountId: String? = nil, invitationId: String? = nil, invitedAt: Date? = nil, relationshipStatus: RelationshipStatus? = nil) {
            self.accountId = accountId
            self.invitationId = invitationId
            self.invitedAt = invitedAt
            self.relationshipStatus = relationshipStatus
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case invitationId = "invitationId"
            case invitedAt = "invitedAt"
            case relationshipStatus = "relationshipStatus"
        }
    }

    public struct IpAddressDetails: AWSDecodableShape {
        /// The Internet Protocol version 4 (IPv4) address of the device.
        public let ipAddressV4: String?
        /// The city that the IP address originated from.
        public let ipCity: IpCity?
        /// The country that the IP address originated from.
        public let ipCountry: IpCountry?
        /// The geographic coordinates of the location that the IP address originated from.
        public let ipGeoLocation: IpGeoLocation?
        /// The registered owner of the IP address.
        public let ipOwner: IpOwner?

        @inlinable
        public init(ipAddressV4: String? = nil, ipCity: IpCity? = nil, ipCountry: IpCountry? = nil, ipGeoLocation: IpGeoLocation? = nil, ipOwner: IpOwner? = nil) {
            self.ipAddressV4 = ipAddressV4
            self.ipCity = ipCity
            self.ipCountry = ipCountry
            self.ipGeoLocation = ipGeoLocation
            self.ipOwner = ipOwner
        }

        private enum CodingKeys: String, CodingKey {
            case ipAddressV4 = "ipAddressV4"
            case ipCity = "ipCity"
            case ipCountry = "ipCountry"
            case ipGeoLocation = "ipGeoLocation"
            case ipOwner = "ipOwner"
        }
    }

    public struct IpCity: AWSDecodableShape {
        /// The name of the city.
        public let name: String?

        @inlinable
        public init(name: String? = nil) {
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case name = "name"
        }
    }

    public struct IpCountry: AWSDecodableShape {
        /// The two-character code, in ISO 3166-1 alpha-2 format, for the country that the IP address originated from. For example, US for the United States.
        public let code: String?
        /// The name of the country that the IP address originated from.
        public let name: String?

        @inlinable
        public init(code: String? = nil, name: String? = nil) {
            self.code = code
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case code = "code"
            case name = "name"
        }
    }

    public struct IpGeoLocation: AWSDecodableShape {
        /// The latitude coordinate of the location, rounded to four decimal places.
        public let lat: Double?
        /// The longitude coordinate of the location, rounded to four decimal places.
        public let lon: Double?

        @inlinable
        public init(lat: Double? = nil, lon: Double? = nil) {
            self.lat = lat
            self.lon = lon
        }

        private enum CodingKeys: String, CodingKey {
            case lat = "lat"
            case lon = "lon"
        }
    }

    public struct IpOwner: AWSDecodableShape {
        /// The autonomous system number (ASN) for the autonomous system that included the IP address.
        public let asn: String?
        /// The organization identifier that's associated with the autonomous system number (ASN) for the autonomous system that included the IP address.
        public let asnOrg: String?
        /// The name of the internet service provider (ISP) that owned the IP address.
        public let isp: String?
        /// The name of the organization that owned the IP address.
        public let org: String?

        @inlinable
        public init(asn: String? = nil, asnOrg: String? = nil, isp: String? = nil, org: String? = nil) {
            self.asn = asn
            self.asnOrg = asnOrg
            self.isp = isp
            self.org = org
        }

        private enum CodingKeys: String, CodingKey {
            case asn = "asn"
            case asnOrg = "asnOrg"
            case isp = "isp"
            case org = "org"
        }
    }

    public struct JobDetails: AWSDecodableShape {
        /// Specifies whether any one-time or recurring jobs are configured to analyze objects in the bucket. Possible values are: TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more jobs and at least one of those jobs has a status other than CANCELLED. Or the bucket matched the bucket criteria (S3BucketCriteriaForJob) for at least one job that previously ran. FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any jobs, all the jobs that explicitly include the bucket in their bucket definitions have a status of CANCELLED, or the bucket didn't match the bucket criteria (S3BucketCriteriaForJob) for any jobs that previously ran. UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.
        public let isDefinedInJob: IsDefinedInJob?
        /// Specifies whether any recurring jobs are configured to analyze objects in the bucket. Possible values are: TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more recurring jobs or the bucket matches the bucket criteria (S3BucketCriteriaForJob) for one or more recurring jobs. At least one of those jobs has a status other than CANCELLED. FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any recurring jobs, the bucket doesn't match the bucket criteria (S3BucketCriteriaForJob) for any recurring jobs, or all the recurring jobs that are configured to analyze data in the bucket have a status of CANCELLED. UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.
        public let isMonitoredByJob: IsMonitoredByJob?
        /// The unique identifier for the job that ran most recently and is configured to analyze objects in the bucket, either the latest run of a recurring job or the only run of a one-time job. This value is typically null if the value for the isDefinedInJob property is FALSE or UNKNOWN.
        public let lastJobId: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the job (lastJobId) started. If the job is a recurring job, this value indicates when the most recent run started. This value is typically null if the value for the isDefinedInJob property is FALSE or UNKNOWN.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var lastJobRunTime: Date?

        @inlinable
        public init(isDefinedInJob: IsDefinedInJob? = nil, isMonitoredByJob: IsMonitoredByJob? = nil, lastJobId: String? = nil, lastJobRunTime: Date? = nil) {
            self.isDefinedInJob = isDefinedInJob
            self.isMonitoredByJob = isMonitoredByJob
            self.lastJobId = lastJobId
            self.lastJobRunTime = lastJobRunTime
        }

        private enum CodingKeys: String, CodingKey {
            case isDefinedInJob = "isDefinedInJob"
            case isMonitoredByJob = "isMonitoredByJob"
            case lastJobId = "lastJobId"
            case lastJobRunTime = "lastJobRunTime"
        }
    }

    public struct JobScheduleFrequency: AWSEncodableShape & AWSDecodableShape {
        /// Specifies a daily recurrence pattern for running the job.
        public let dailySchedule: DailySchedule?
        /// Specifies a monthly recurrence pattern for running the job.
        public let monthlySchedule: MonthlySchedule?
        /// Specifies a weekly recurrence pattern for running the job.
        public let weeklySchedule: WeeklySchedule?

        @inlinable
        public init(dailySchedule: DailySchedule? = nil, monthlySchedule: MonthlySchedule? = nil, weeklySchedule: WeeklySchedule? = nil) {
            self.dailySchedule = dailySchedule
            self.monthlySchedule = monthlySchedule
            self.weeklySchedule = weeklySchedule
        }

        private enum CodingKeys: String, CodingKey {
            case dailySchedule = "dailySchedule"
            case monthlySchedule = "monthlySchedule"
            case weeklySchedule = "weeklySchedule"
        }
    }

    public struct JobScopeTerm: AWSEncodableShape & AWSDecodableShape {
        /// A property-based condition that defines a property, operator, and one or more values for including or excluding objects from the job.
        public let simpleScopeTerm: SimpleScopeTerm?
        /// A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding objects from the job.
        public let tagScopeTerm: TagScopeTerm?

        @inlinable
        public init(simpleScopeTerm: SimpleScopeTerm? = nil, tagScopeTerm: TagScopeTerm? = nil) {
            self.simpleScopeTerm = simpleScopeTerm
            self.tagScopeTerm = tagScopeTerm
        }

        private enum CodingKeys: String, CodingKey {
            case simpleScopeTerm = "simpleScopeTerm"
            case tagScopeTerm = "tagScopeTerm"
        }
    }

    public struct JobScopingBlock: AWSEncodableShape & AWSDecodableShape {
        /// An array of conditions, one for each property- or tag-based condition that determines which objects to include or exclude from the job. If you specify more than one condition, Amazon Macie uses AND logic to join the conditions.
        public let and: [JobScopeTerm]?

        @inlinable
        public init(and: [JobScopeTerm]? = nil) {
            self.and = and
        }

        private enum CodingKeys: String, CodingKey {
            case and = "and"
        }
    }

    public struct JobSummary: AWSDecodableShape {
        /// The property- and tag-based conditions that determine which S3 buckets are included or excluded from the job's analysis. Each time the job runs, the job uses these criteria to determine which buckets to analyze. A job's definition can contain a bucketCriteria object or a bucketDefinitions array, not both.
        public let bucketCriteria: S3BucketCriteriaForJob?
        /// An array of objects, one for each Amazon Web Services account that owns specific S3 buckets for the job to analyze. Each object specifies the account ID for an account and one or more buckets to analyze for that account. A job's definition can contain a bucketDefinitions array or a bucketCriteria object, not both.
        public let bucketDefinitions: [S3BucketDefinitionForJob]?
        /// The date and time, in UTC and extended ISO 8601 format, when the job was created.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var createdAt: Date?
        /// The unique identifier for the job.
        public let jobId: String?
        /// The current status of the job. Possible values are: CANCELLED - You cancelled the job or, if it's a one-time job, you paused the job and didn't resume it within 30 days. COMPLETE - For a one-time job, Amazon Macie finished processing the data specified for the job. This value doesn't apply to recurring jobs. IDLE - For a recurring job, the previous scheduled run is complete and the next scheduled run is pending. This value doesn't apply to one-time jobs. PAUSED - Macie started running the job but additional processing would exceed the monthly sensitive data discovery quota for your account or one or more member accounts that the job analyzes data for. RUNNING - For a one-time job, the job is in progress. For a recurring job, a scheduled run is in progress. USER_PAUSED - You paused the job. If you paused the job while it had a status of RUNNING and you don't resume it within 30 days of pausing it, the job or job run will expire and be cancelled, depending on the job's type. To check the expiration date, refer to the UserPausedDetails.jobExpiresAt property.
        public let jobStatus: JobStatus?
        /// The schedule for running the job. Possible values are: ONE_TIME - The job runs only once. SCHEDULED - The job runs on a daily, weekly, or monthly basis.
        public let jobType: JobType?
        /// Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurring job, this value indicates the error status of the job's most recent run.
        public let lastRunErrorStatus: LastRunErrorStatus?
        /// The custom name of the job.
        public let name: String?
        /// If the current status of the job is USER_PAUSED, specifies when the job was paused and when the job or job run will expire and be cancelled if it isn't resumed. This value is present only if the value for jobStatus is USER_PAUSED.
        public let userPausedDetails: UserPausedDetails?

        @inlinable
        public init(bucketCriteria: S3BucketCriteriaForJob? = nil, bucketDefinitions: [S3BucketDefinitionForJob]? = nil, createdAt: Date? = nil, jobId: String? = nil, jobStatus: JobStatus? = nil, jobType: JobType? = nil, lastRunErrorStatus: LastRunErrorStatus? = nil, name: String? = nil, userPausedDetails: UserPausedDetails? = nil) {
            self.bucketCriteria = bucketCriteria
            self.bucketDefinitions = bucketDefinitions
            self.createdAt = createdAt
            self.jobId = jobId
            self.jobStatus = jobStatus
            self.jobType = jobType
            self.lastRunErrorStatus = lastRunErrorStatus
            self.name = name
            self.userPausedDetails = userPausedDetails
        }

        private enum CodingKeys: String, CodingKey {
            case bucketCriteria = "bucketCriteria"
            case bucketDefinitions = "bucketDefinitions"
            case createdAt = "createdAt"
            case jobId = "jobId"
            case jobStatus = "jobStatus"
            case jobType = "jobType"
            case lastRunErrorStatus = "lastRunErrorStatus"
            case name = "name"
            case userPausedDetails = "userPausedDetails"
        }
    }

    public struct KeyValuePair: AWSDecodableShape {
        /// One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category for more specific tag values.
        public let key: String?
        /// One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tag value can be an empty string.
        public let value: String?

        @inlinable
        public init(key: String? = nil, value: String? = nil) {
            self.key = key
            self.value = value
        }

        private enum CodingKeys: String, CodingKey {
            case key = "key"
            case value = "value"
        }
    }

    public struct LastRunErrorStatus: AWSDecodableShape {
        /// Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurring job, this value indicates the error status of the job's most recent run. Possible values are: ERROR - One or more errors occurred. Amazon Macie didn't process all the data specified for the job. NONE - No errors occurred. Macie processed all the data specified for the job.
        public let code: LastRunErrorStatusCode?

        @inlinable
        public init(code: LastRunErrorStatusCode? = nil) {
            self.code = code
        }

        private enum CodingKeys: String, CodingKey {
            case code = "code"
        }
    }

    public struct ListAllowListsRequest: AWSEncodableShape {
        /// The maximum number of items to include in each page of a paginated response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.maxResults, key: "maxResults")
            request.encodeQuery(self.nextToken, key: "nextToken")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 25)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListAllowListsResponse: AWSDecodableShape {
        /// An array of objects, one for each allow list.
        public let allowLists: [AllowListSummary]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(allowLists: [AllowListSummary]? = nil, nextToken: String? = nil) {
            self.allowLists = allowLists
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case allowLists = "allowLists"
            case nextToken = "nextToken"
        }
    }

    public struct ListAutomatedDiscoveryAccountsRequest: AWSEncodableShape {
        /// The Amazon Web Services account ID for each account, for as many as 50 accounts. To retrieve the status for multiple accounts, append the accountIds parameter and argument for each account, separated by an ampersand (&amp;). To retrieve the status for all the accounts in an organization, omit this parameter.
        public let accountIds: [String]?
        /// The maximum number of items to include in each page of a paginated response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?

        @inlinable
        public init(accountIds: [String]? = nil, maxResults: Int? = nil, nextToken: String? = nil) {
            self.accountIds = accountIds
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.accountIds, key: "accountIds")
            request.encodeQuery(self.maxResults, key: "maxResults")
            request.encodeQuery(self.nextToken, key: "nextToken")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 25)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListAutomatedDiscoveryAccountsResponse: AWSDecodableShape {
        /// An array of objects, one for each account specified in the request. Each object specifies the Amazon Web Services account ID for an account and the current status of automated sensitive data discovery for that account.
        public let items: [AutomatedDiscoveryAccount]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(items: [AutomatedDiscoveryAccount]? = nil, nextToken: String? = nil) {
            self.items = items
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case items = "items"
            case nextToken = "nextToken"
        }
    }

    public struct ListClassificationJobsRequest: AWSEncodableShape {
        /// The criteria to use to filter the results.
        public let filterCriteria: ListJobsFilterCriteria?
        /// The maximum number of items to include in each page of the response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?
        /// The criteria to use to sort the results.
        public let sortCriteria: ListJobsSortCriteria?

        @inlinable
        public init(filterCriteria: ListJobsFilterCriteria? = nil, maxResults: Int? = nil, nextToken: String? = nil, sortCriteria: ListJobsSortCriteria? = nil) {
            self.filterCriteria = filterCriteria
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.sortCriteria = sortCriteria
        }

        private enum CodingKeys: String, CodingKey {
            case filterCriteria = "filterCriteria"
            case maxResults = "maxResults"
            case nextToken = "nextToken"
            case sortCriteria = "sortCriteria"
        }
    }

    public struct ListClassificationJobsResponse: AWSDecodableShape {
        /// An array of objects, one for each job that matches the filter criteria specified in the request.
        public let items: [JobSummary]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(items: [JobSummary]? = nil, nextToken: String? = nil) {
            self.items = items
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case items = "items"
            case nextToken = "nextToken"
        }
    }

    public struct ListClassificationScopesRequest: AWSEncodableShape {
        /// The name of the classification scope to retrieve the unique identifier for.
        public let name: String?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?

        @inlinable
        public init(name: String? = nil, nextToken: String? = nil) {
            self.name = name
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.name, key: "name")
            request.encodeQuery(self.nextToken, key: "nextToken")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListClassificationScopesResponse: AWSDecodableShape {
        /// An array that specifies the unique identifier and name of the classification scope for the account.
        public let classificationScopes: [ClassificationScopeSummary]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(classificationScopes: [ClassificationScopeSummary]? = nil, nextToken: String? = nil) {
            self.classificationScopes = classificationScopes
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case classificationScopes = "classificationScopes"
            case nextToken = "nextToken"
        }
    }

    public struct ListCustomDataIdentifiersRequest: AWSEncodableShape {
        /// The maximum number of items to include in each page of the response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "maxResults"
            case nextToken = "nextToken"
        }
    }

    public struct ListCustomDataIdentifiersResponse: AWSDecodableShape {
        /// An array of objects, one for each custom data identifier.
        public let items: [CustomDataIdentifierSummary]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(items: [CustomDataIdentifierSummary]? = nil, nextToken: String? = nil) {
            self.items = items
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case items = "items"
            case nextToken = "nextToken"
        }
    }

    public struct ListFindingsFiltersRequest: AWSEncodableShape {
        /// The maximum number of items to include in each page of a paginated response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.maxResults, key: "maxResults")
            request.encodeQuery(self.nextToken, key: "nextToken")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 25)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListFindingsFiltersResponse: AWSDecodableShape {
        /// An array of objects, one for each filter that's associated with the account.
        public let findingsFilterListItems: [FindingsFilterListItem]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(findingsFilterListItems: [FindingsFilterListItem]? = nil, nextToken: String? = nil) {
            self.findingsFilterListItems = findingsFilterListItems
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case findingsFilterListItems = "findingsFilterListItems"
            case nextToken = "nextToken"
        }
    }

    public struct ListFindingsRequest: AWSEncodableShape {
        /// The criteria to use to filter the results.
        public let findingCriteria: FindingCriteria?
        /// The maximum number of items to include in each page of the response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?
        /// The criteria to use to sort the results.
        public let sortCriteria: SortCriteria?

        @inlinable
        public init(findingCriteria: FindingCriteria? = nil, maxResults: Int? = nil, nextToken: String? = nil, sortCriteria: SortCriteria? = nil) {
            self.findingCriteria = findingCriteria
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.sortCriteria = sortCriteria
        }

        private enum CodingKeys: String, CodingKey {
            case findingCriteria = "findingCriteria"
            case maxResults = "maxResults"
            case nextToken = "nextToken"
            case sortCriteria = "sortCriteria"
        }
    }

    public struct ListFindingsResponse: AWSDecodableShape {
        /// An array of strings, where each string is the unique identifier for a finding that matches the filter criteria specified in the request.
        public let findingIds: [String]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(findingIds: [String]? = nil, nextToken: String? = nil) {
            self.findingIds = findingIds
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case findingIds = "findingIds"
            case nextToken = "nextToken"
        }
    }

    public struct ListInvitationsRequest: AWSEncodableShape {
        /// The maximum number of items to include in each page of a paginated response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.maxResults, key: "maxResults")
            request.encodeQuery(self.nextToken, key: "nextToken")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 25)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListInvitationsResponse: AWSDecodableShape {
        /// An array of objects, one for each invitation that was received by the account.
        public let invitations: [Invitation]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(invitations: [Invitation]? = nil, nextToken: String? = nil) {
            self.invitations = invitations
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case invitations = "invitations"
            case nextToken = "nextToken"
        }
    }

    public struct ListJobsFilterCriteria: AWSEncodableShape {
        /// An array of objects, one for each condition that determines which jobs to exclude from the results.
        public let excludes: [ListJobsFilterTerm]?
        /// An array of objects, one for each condition that determines which jobs to include in the results.
        public let includes: [ListJobsFilterTerm]?

        @inlinable
        public init(excludes: [ListJobsFilterTerm]? = nil, includes: [ListJobsFilterTerm]? = nil) {
            self.excludes = excludes
            self.includes = includes
        }

        private enum CodingKeys: String, CodingKey {
            case excludes = "excludes"
            case includes = "includes"
        }
    }

    public struct ListJobsFilterTerm: AWSEncodableShape {
        /// The operator to use to filter the results.
        public let comparator: JobComparator?
        /// The property to use to filter the results.
        public let key: ListJobsFilterKey?
        /// An array that lists one or more values to use to filter the results.
        public let values: [String]?

        @inlinable
        public init(comparator: JobComparator? = nil, key: ListJobsFilterKey? = nil, values: [String]? = nil) {
            self.comparator = comparator
            self.key = key
            self.values = values
        }

        private enum CodingKeys: String, CodingKey {
            case comparator = "comparator"
            case key = "key"
            case values = "values"
        }
    }

    public struct ListJobsSortCriteria: AWSEncodableShape {
        /// The property to sort the results by.
        public let attributeName: ListJobsSortAttributeName?
        /// The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
        public let orderBy: OrderBy?

        @inlinable
        public init(attributeName: ListJobsSortAttributeName? = nil, orderBy: OrderBy? = nil) {
            self.attributeName = attributeName
            self.orderBy = orderBy
        }

        private enum CodingKeys: String, CodingKey {
            case attributeName = "attributeName"
            case orderBy = "orderBy"
        }
    }

    public struct ListManagedDataIdentifiersRequest: AWSEncodableShape {
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?

        @inlinable
        public init(nextToken: String? = nil) {
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "nextToken"
        }
    }

    public struct ListManagedDataIdentifiersResponse: AWSDecodableShape {
        /// An array of objects, one for each managed data identifier.
        public let items: [ManagedDataIdentifierSummary]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(items: [ManagedDataIdentifierSummary]? = nil, nextToken: String? = nil) {
            self.items = items
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case items = "items"
            case nextToken = "nextToken"
        }
    }

    public struct ListMembersRequest: AWSEncodableShape {
        /// The maximum number of items to include in each page of a paginated response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?
        /// Specifies which accounts to include in the response, based on the status of an account's relationship with the administrator account. By default, the response includes only current member accounts. To include all accounts, set this value to false.
        public let onlyAssociated: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, onlyAssociated: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.onlyAssociated = onlyAssociated
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.maxResults, key: "maxResults")
            request.encodeQuery(self.nextToken, key: "nextToken")
            request.encodeQuery(self.onlyAssociated, key: "onlyAssociated")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 25)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListMembersResponse: AWSDecodableShape {
        /// An array of objects, one for each account that's associated with the administrator account and matches the criteria specified in the request.
        public let members: [Member]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(members: [Member]? = nil, nextToken: String? = nil) {
            self.members = members
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case members = "members"
            case nextToken = "nextToken"
        }
    }

    public struct ListOrganizationAdminAccountsRequest: AWSEncodableShape {
        /// The maximum number of items to include in each page of a paginated response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.maxResults, key: "maxResults")
            request.encodeQuery(self.nextToken, key: "nextToken")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 25)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListOrganizationAdminAccountsResponse: AWSDecodableShape {
        /// An array of objects, one for each delegated Amazon Macie administrator account for the organization. Only one of these accounts can have a status of ENABLED.
        public let adminAccounts: [AdminAccount]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(adminAccounts: [AdminAccount]? = nil, nextToken: String? = nil) {
            self.adminAccounts = adminAccounts
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case adminAccounts = "adminAccounts"
            case nextToken = "nextToken"
        }
    }

    public struct ListResourceProfileArtifactsRequest: AWSEncodableShape {
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?
        /// The Amazon Resource Name (ARN) of the S3 bucket that the request applies to.
        public let resourceArn: String?

        @inlinable
        public init(nextToken: String? = nil, resourceArn: String? = nil) {
            self.nextToken = nextToken
            self.resourceArn = resourceArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.nextToken, key: "nextToken")
            request.encodeQuery(self.resourceArn, key: "resourceArn")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListResourceProfileArtifactsResponse: AWSDecodableShape {
        /// An array of objects, one for each of 1-100 S3 objects that Amazon Macie selected for analysis. If Macie has analyzed more than 100 objects in the bucket, Macie populates the array based on the value for the ResourceProfileArtifact.sensitive field for an object: true (sensitive), followed by false (not sensitive). Macie then populates any remaining items in the array with information about objects where the value for the ResourceProfileArtifact.classificationResultStatus field is SKIPPED.
        public let artifacts: [ResourceProfileArtifact]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(artifacts: [ResourceProfileArtifact]? = nil, nextToken: String? = nil) {
            self.artifacts = artifacts
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case artifacts = "artifacts"
            case nextToken = "nextToken"
        }
    }

    public struct ListResourceProfileDetectionsRequest: AWSEncodableShape {
        /// The maximum number of items to include in each page of a paginated response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?
        /// The Amazon Resource Name (ARN) of the S3 bucket that the request applies to.
        public let resourceArn: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, resourceArn: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.resourceArn = resourceArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.maxResults, key: "maxResults")
            request.encodeQuery(self.nextToken, key: "nextToken")
            request.encodeQuery(self.resourceArn, key: "resourceArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 25)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListResourceProfileDetectionsResponse: AWSDecodableShape {
        /// An array of objects, one for each type of sensitive data that Amazon Macie found in the bucket. Each object reports the number of occurrences of the specified type and provides information about the custom data identifier or managed data identifier that detected the data.
        public let detections: [Detection]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(detections: [Detection]? = nil, nextToken: String? = nil) {
            self.detections = detections
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case detections = "detections"
            case nextToken = "nextToken"
        }
    }

    public struct ListSensitivityInspectionTemplatesRequest: AWSEncodableShape {
        /// The maximum number of items to include in each page of a paginated response.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.maxResults, key: "maxResults")
            request.encodeQuery(self.nextToken, key: "nextToken")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 25)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListSensitivityInspectionTemplatesResponse: AWSDecodableShape {
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?
        /// An array that specifies the unique identifier and name of the sensitivity inspection template for the account.
        public let sensitivityInspectionTemplates: [SensitivityInspectionTemplatesEntry]?

        @inlinable
        public init(nextToken: String? = nil, sensitivityInspectionTemplates: [SensitivityInspectionTemplatesEntry]? = nil) {
            self.nextToken = nextToken
            self.sensitivityInspectionTemplates = sensitivityInspectionTemplates
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "nextToken"
            case sensitivityInspectionTemplates = "sensitivityInspectionTemplates"
        }
    }

    public struct ListTagsForResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the resource.
        public let resourceArn: String

        @inlinable
        public init(resourceArn: String) {
            self.resourceArn = resourceArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.resourceArn, key: "resourceArn")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListTagsForResourceResponse: AWSDecodableShape {
        /// A map of key-value pairs that specifies which tags (keys and values) are associated with the resource.
        public let tags: [String: String]?

        @inlinable
        public init(tags: [String: String]? = nil) {
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case tags = "tags"
        }
    }

    public struct ManagedDataIdentifierSummary: AWSDecodableShape {
        /// The category of sensitive data that the managed data identifier detects: CREDENTIALS, for credentials data such as private keys or Amazon Web Services secret access keys; FINANCIAL_INFORMATION, for financial data such as credit card numbers; or, PERSONAL_INFORMATION, for personal health information, such as health insurance identification numbers, or personally identifiable information, such as passport numbers.
        public let category: SensitiveDataItemCategory?
        /// The unique identifier for the managed data identifier. This is a string that describes the type of sensitive data that the managed data identifier detects. For example: OPENSSH_PRIVATE_KEY for OpenSSH private keys, CREDIT_CARD_NUMBER for credit card numbers, or USA_PASSPORT_NUMBER for US passport numbers.
        public let id: String?

        @inlinable
        public init(category: SensitiveDataItemCategory? = nil, id: String? = nil) {
            self.category = category
            self.id = id
        }

        private enum CodingKeys: String, CodingKey {
            case category = "category"
            case id = "id"
        }
    }

    public struct MatchingBucket: AWSDecodableShape {
        /// The unique identifier for the Amazon Web Services account that owns the bucket.
        public let accountId: String?
        /// Specifies whether automated sensitive data discovery is currently configured to analyze objects in the bucket. Possible values are: MONITORED, the bucket is included in analyses; and, NOT_MONITORED, the bucket is excluded from analyses. If automated sensitive data discovery is disabled for your account, this value is NOT_MONITORED.
        public let automatedDiscoveryMonitoringStatus: AutomatedDiscoveryMonitoringStatus?
        /// The name of the bucket.
        public let bucketName: String?
        /// The total number of objects that Amazon Macie can analyze in the bucket. These objects use a supported storage class and have a file name extension for a supported file or storage format.
        public let classifiableObjectCount: Int64?
        /// The total storage size, in bytes, of the objects that Amazon Macie can analyze in the bucket. These objects use a supported storage class and have a file name extension for a supported file or storage format. If versioning is enabled for the bucket, Macie calculates this value based on the size of the latest version of each applicable object in the bucket. This value doesn't reflect the storage size of all versions of each applicable object in the bucket.
        public let classifiableSizeInBytes: Int64?
        /// The code for an error or issue that prevented Amazon Macie from retrieving and processing information about the bucket and the bucket's objects. Possible values are: ACCESS_DENIED - Macie doesn't have permission to retrieve the information. For example, the bucket has a restrictive bucket policy and Amazon S3 denied the request. BUCKET_COUNT_EXCEEDS_QUOTA - Retrieving and processing the information would exceed the quota for the number of buckets that Macie monitors for an account (10,000). If this value is null, Macie was able to retrieve and process the information.
        public let errorCode: BucketMetadataErrorCode?
        /// A brief description of the error or issue (errorCode) that prevented Amazon Macie from retrieving and processing information about the bucket and the bucket's objects. This value is null if Macie was able to retrieve and process the information.
        public let errorMessage: String?
        /// Specifies whether any one-time or recurring classification jobs are configured to analyze objects in the bucket, and, if so, the details of the job that ran most recently.
        public let jobDetails: JobDetails?
        /// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed objects in the bucket while performing automated sensitive data discovery. This value is null if this analysis hasn't occurred.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var lastAutomatedDiscoveryTime: Date?
        /// The total number of objects in the bucket.
        public let objectCount: Int64?
        /// The total number of objects in the bucket, grouped by server-side encryption type. This includes a grouping that reports the total number of objects that aren't encrypted or use client-side encryption.
        public let objectCountByEncryptionType: ObjectCountByEncryptionType?
        /// The sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive).If automated sensitive data discovery has never been enabled for your account or it's been disabled for your organization or standalone account for more than 30 days, possible values are: 1, the bucket is empty; or, 50, the bucket stores objects but it's been excluded from recent analyses.
        public let sensitivityScore: Int?
        /// The total storage size, in bytes, of the bucket. If versioning is enabled for the bucket, Amazon Macie calculates this value based on the size of the latest version of each object in the bucket. This value doesn't reflect the storage size of all versions of each object in the bucket.
        public let sizeInBytes: Int64?
        /// The total storage size, in bytes, of the objects that are compressed (.gz, .gzip, .zip) files in the bucket. If versioning is enabled for the bucket, Amazon Macie calculates this value based on the size of the latest version of each applicable object in the bucket. This value doesn't reflect the storage size of all versions of each applicable object in the bucket.
        public let sizeInBytesCompressed: Int64?
        /// The total number of objects that Amazon Macie can't analyze in the bucket. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
        public let unclassifiableObjectCount: ObjectLevelStatistics?
        /// The total storage size, in bytes, of the objects that Amazon Macie can't analyze in the bucket. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
        public let unclassifiableObjectSizeInBytes: ObjectLevelStatistics?

        @inlinable
        public init(accountId: String? = nil, automatedDiscoveryMonitoringStatus: AutomatedDiscoveryMonitoringStatus? = nil, bucketName: String? = nil, classifiableObjectCount: Int64? = nil, classifiableSizeInBytes: Int64? = nil, errorCode: BucketMetadataErrorCode? = nil, errorMessage: String? = nil, jobDetails: JobDetails? = nil, lastAutomatedDiscoveryTime: Date? = nil, objectCount: Int64? = nil, objectCountByEncryptionType: ObjectCountByEncryptionType? = nil, sensitivityScore: Int? = nil, sizeInBytes: Int64? = nil, sizeInBytesCompressed: Int64? = nil, unclassifiableObjectCount: ObjectLevelStatistics? = nil, unclassifiableObjectSizeInBytes: ObjectLevelStatistics? = nil) {
            self.accountId = accountId
            self.automatedDiscoveryMonitoringStatus = automatedDiscoveryMonitoringStatus
            self.bucketName = bucketName
            self.classifiableObjectCount = classifiableObjectCount
            self.classifiableSizeInBytes = classifiableSizeInBytes
            self.errorCode = errorCode
            self.errorMessage = errorMessage
            self.jobDetails = jobDetails
            self.lastAutomatedDiscoveryTime = lastAutomatedDiscoveryTime
            self.objectCount = objectCount
            self.objectCountByEncryptionType = objectCountByEncryptionType
            self.sensitivityScore = sensitivityScore
            self.sizeInBytes = sizeInBytes
            self.sizeInBytesCompressed = sizeInBytesCompressed
            self.unclassifiableObjectCount = unclassifiableObjectCount
            self.unclassifiableObjectSizeInBytes = unclassifiableObjectSizeInBytes
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case automatedDiscoveryMonitoringStatus = "automatedDiscoveryMonitoringStatus"
            case bucketName = "bucketName"
            case classifiableObjectCount = "classifiableObjectCount"
            case classifiableSizeInBytes = "classifiableSizeInBytes"
            case errorCode = "errorCode"
            case errorMessage = "errorMessage"
            case jobDetails = "jobDetails"
            case lastAutomatedDiscoveryTime = "lastAutomatedDiscoveryTime"
            case objectCount = "objectCount"
            case objectCountByEncryptionType = "objectCountByEncryptionType"
            case sensitivityScore = "sensitivityScore"
            case sizeInBytes = "sizeInBytes"
            case sizeInBytesCompressed = "sizeInBytesCompressed"
            case unclassifiableObjectCount = "unclassifiableObjectCount"
            case unclassifiableObjectSizeInBytes = "unclassifiableObjectSizeInBytes"
        }
    }

    public struct MatchingResource: AWSDecodableShape {
        /// The details of an S3 bucket that Amazon Macie monitors and analyzes for your account.
        public let matchingBucket: MatchingBucket?

        @inlinable
        public init(matchingBucket: MatchingBucket? = nil) {
            self.matchingBucket = matchingBucket
        }

        private enum CodingKeys: String, CodingKey {
            case matchingBucket = "matchingBucket"
        }
    }

    public struct Member: AWSDecodableShape {
        /// The Amazon Web Services account ID for the account.
        public let accountId: String?
        /// The Amazon Web Services account ID for the administrator account.
        public let administratorAccountId: String?
        /// The Amazon Resource Name (ARN) of the account.
        public let arn: String?
        /// The email address for the account. This value is null if the account is associated with the administrator account through Organizations.
        public let email: String?
        /// The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie membership invitation hasn't been sent to the account.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var invitedAt: Date?
        /// (Deprecated) The Amazon Web Services account ID for the administrator account. This property has been replaced by the administratorAccountId property and is retained only for backward compatibility.
        public let masterAccountId: String?
        /// The current status of the relationship between the account and the administrator account.
        public let relationshipStatus: RelationshipStatus?
        /// A map of key-value pairs that specifies which tags (keys and values) are associated with the account in Amazon Macie.
        public let tags: [String: String]?
        /// The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the relationship between the account and the administrator account.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var updatedAt: Date?

        @inlinable
        public init(accountId: String? = nil, administratorAccountId: String? = nil, arn: String? = nil, email: String? = nil, invitedAt: Date? = nil, masterAccountId: String? = nil, relationshipStatus: RelationshipStatus? = nil, tags: [String: String]? = nil, updatedAt: Date? = nil) {
            self.accountId = accountId
            self.administratorAccountId = administratorAccountId
            self.arn = arn
            self.email = email
            self.invitedAt = invitedAt
            self.masterAccountId = masterAccountId
            self.relationshipStatus = relationshipStatus
            self.tags = tags
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case administratorAccountId = "administratorAccountId"
            case arn = "arn"
            case email = "email"
            case invitedAt = "invitedAt"
            case masterAccountId = "masterAccountId"
            case relationshipStatus = "relationshipStatus"
            case tags = "tags"
            case updatedAt = "updatedAt"
        }
    }

    public struct MonthlySchedule: AWSEncodableShape & AWSDecodableShape {
        /// The numeric day of the month when Amazon Macie runs the job. This value can be an integer from 1 through 31. If this value exceeds the number of days in a certain month, Macie doesn't run the job that month. Macie runs the job only during months that have the specified day. For example, if this value is 31 and a month has only 30 days, Macie doesn't run the job that month. To run the job every month, specify a value that's less than 29.
        public let dayOfMonth: Int?

        @inlinable
        public init(dayOfMonth: Int? = nil) {
            self.dayOfMonth = dayOfMonth
        }

        private enum CodingKeys: String, CodingKey {
            case dayOfMonth = "dayOfMonth"
        }
    }

    public struct ObjectCountByEncryptionType: AWSDecodableShape {
        /// The total number of objects that are encrypted with customer-provided keys. The objects use server-side encryption with customer-provided keys (SSE-C).
        public let customerManaged: Int64?
        /// The total number of objects that are encrypted with KMS keys, either Amazon Web Services managed keys or customer managed keys. The objects use dual-layer server-side encryption or server-side encryption with KMS keys (DSSE-KMS or SSE-KMS).
        public let kmsManaged: Int64?
        /// The total number of objects that are encrypted with Amazon S3 managed keys. The objects use server-side encryption with Amazon S3 managed keys (SSE-S3).
        public let s3Managed: Int64?
        /// The total number of objects that use client-side encryption or aren't encrypted.
        public let unencrypted: Int64?
        /// The total number of objects that Amazon Macie doesn't have current encryption metadata for. Macie can't provide current data about the encryption settings for these objects.
        public let unknown: Int64?

        @inlinable
        public init(customerManaged: Int64? = nil, kmsManaged: Int64? = nil, s3Managed: Int64? = nil, unencrypted: Int64? = nil, unknown: Int64? = nil) {
            self.customerManaged = customerManaged
            self.kmsManaged = kmsManaged
            self.s3Managed = s3Managed
            self.unencrypted = unencrypted
            self.unknown = unknown
        }

        private enum CodingKeys: String, CodingKey {
            case customerManaged = "customerManaged"
            case kmsManaged = "kmsManaged"
            case s3Managed = "s3Managed"
            case unencrypted = "unencrypted"
            case unknown = "unknown"
        }
    }

    public struct ObjectLevelStatistics: AWSDecodableShape {
        /// The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects don't have a file name extension for a supported file or storage format.
        public let fileType: Int64?
        /// The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class.
        public let storageClass: Int64?
        /// The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class or don't have a file name extension for a supported file or storage format.
        public let total: Int64?

        @inlinable
        public init(fileType: Int64? = nil, storageClass: Int64? = nil, total: Int64? = nil) {
            self.fileType = fileType
            self.storageClass = storageClass
            self.total = total
        }

        private enum CodingKeys: String, CodingKey {
            case fileType = "fileType"
            case storageClass = "storageClass"
            case total = "total"
        }
    }

    public struct Occurrences: AWSDecodableShape {
        /// An array of objects, one for each occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file. This value is null for all other types of files. Each Cell object specifies a cell or field that contains the sensitive data.
        public let cells: [Cell]?
        /// An array of objects, one for each occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file. Each Range object specifies a line or inclusive range of lines that contains the sensitive data, and the position of the data on the specified line or lines. This value is often null for file types that are supported by Cell, Page, or Record objects. Exceptions are the location of sensitive data in: unstructured sections of an otherwise structured file, such as a comment in a file; a malformed file that Amazon Macie analyzes as plain text; and, a CSV or TSV file that has any column names that contain sensitive data.
        public let lineRanges: [Range]?
        /// Reserved for future use.
        public let offsetRanges: [Range]?
        /// An array of objects, one for each occurrence of sensitive data in an Adobe Portable Document Format file. This value is null for all other types of files. Each Page object specifies a page that contains the sensitive data.
        public let pages: [Page]?
        /// An array of objects, one for each occurrence of sensitive data in an Apache Avro object container, Apache Parquet file, JSON file, or JSON Lines file. This value is null for all other types of files. For an Avro object container or Parquet file, each Record object specifies a record index and the path to a field in a record that contains the sensitive data. For a JSON or JSON Lines file, each Record object specifies the path to a field or array that contains the sensitive data. For a JSON Lines file, it also specifies the index of the line that contains the data.
        public let records: [Record]?

        @inlinable
        public init(cells: [Cell]? = nil, lineRanges: [Range]? = nil, offsetRanges: [Range]? = nil, pages: [Page]? = nil, records: [Record]? = nil) {
            self.cells = cells
            self.lineRanges = lineRanges
            self.offsetRanges = offsetRanges
            self.pages = pages
            self.records = records
        }

        private enum CodingKeys: String, CodingKey {
            case cells = "cells"
            case lineRanges = "lineRanges"
            case offsetRanges = "offsetRanges"
            case pages = "pages"
            case records = "records"
        }
    }

    public struct Page: AWSDecodableShape {
        /// Reserved for future use.
        public let lineRange: Range?
        /// Reserved for future use.
        public let offsetRange: Range?
        /// The page number of the page that contains the sensitive data.
        public let pageNumber: Int64?

        @inlinable
        public init(lineRange: Range? = nil, offsetRange: Range? = nil, pageNumber: Int64? = nil) {
            self.lineRange = lineRange
            self.offsetRange = offsetRange
            self.pageNumber = pageNumber
        }

        private enum CodingKeys: String, CodingKey {
            case lineRange = "lineRange"
            case offsetRange = "offsetRange"
            case pageNumber = "pageNumber"
        }
    }

    public struct PolicyDetails: AWSDecodableShape {
        /// The action that produced the finding.
        public let action: FindingAction?
        /// The entity that performed the action that produced the finding.
        public let actor: FindingActor?

        @inlinable
        public init(action: FindingAction? = nil, actor: FindingActor? = nil) {
            self.action = action
            self.actor = actor
        }

        private enum CodingKeys: String, CodingKey {
            case action = "action"
            case actor = "actor"
        }
    }

    public struct PutClassificationExportConfigurationRequest: AWSEncodableShape {
        /// The location to store data classification results in, and the encryption settings to use when storing results in that location.
        public let configuration: ClassificationExportConfiguration?

        @inlinable
        public init(configuration: ClassificationExportConfiguration? = nil) {
            self.configuration = configuration
        }

        private enum CodingKeys: String, CodingKey {
            case configuration = "configuration"
        }
    }

    public struct PutClassificationExportConfigurationResponse: AWSDecodableShape {
        /// The location where the data classification results are stored, and the encryption settings that are used when storing results in that location.
        public let configuration: ClassificationExportConfiguration?

        @inlinable
        public init(configuration: ClassificationExportConfiguration? = nil) {
            self.configuration = configuration
        }

        private enum CodingKeys: String, CodingKey {
            case configuration = "configuration"
        }
    }

    public struct PutFindingsPublicationConfigurationRequest: AWSEncodableShape {
        /// A unique, case-sensitive token that you provide to ensure the idempotency of the request.
        public let clientToken: String?
        /// The configuration settings that determine which findings to publish to Security Hub.
        public let securityHubConfiguration: SecurityHubConfiguration?

        @inlinable
        public init(clientToken: String? = PutFindingsPublicationConfigurationRequest.idempotencyToken(), securityHubConfiguration: SecurityHubConfiguration? = nil) {
            self.clientToken = clientToken
            self.securityHubConfiguration = securityHubConfiguration
        }

        private enum CodingKeys: String, CodingKey {
            case clientToken = "clientToken"
            case securityHubConfiguration = "securityHubConfiguration"
        }
    }

    public struct PutFindingsPublicationConfigurationResponse: AWSDecodableShape {
        public init() {}
    }

    public struct Range: AWSDecodableShape {
        /// The number of lines from the beginning of the file to the end of the sensitive data.
        public let end: Int64?
        /// The number of lines from the beginning of the file to the beginning of the sensitive data.
        public let start: Int64?
        /// The number of characters, with spaces and starting from 1, from the beginning of the first line that contains the sensitive data (start) to the beginning of the sensitive data.
        public let startColumn: Int64?

        @inlinable
        public init(end: Int64? = nil, start: Int64? = nil, startColumn: Int64? = nil) {
            self.end = end
            self.start = start
            self.startColumn = startColumn
        }

        private enum CodingKeys: String, CodingKey {
            case end = "end"
            case start = "start"
            case startColumn = "startColumn"
        }
    }

    public struct Record: AWSDecodableShape {
        /// The path, as a JSONPath expression, to the sensitive data. For an Avro object container or Parquet file, this is the path to the field in the record (recordIndex) that contains the data. For a JSON or JSON Lines file, this is the path to the field or array that contains the data. If the data is a value in an array, the path also indicates which value contains the data. If Amazon Macie detects sensitive data in the name of any element in the path, Macie omits this field. If the name of an element exceeds 240 characters, Macie truncates the name by removing characters from the beginning of the name. If the resulting full path exceeds 250 characters, Macie also truncates the path, starting with the first element in the path, until the path contains 250 or fewer characters.
        public let jsonPath: String?
        /// For an Avro object container or Parquet file, the record index, starting from 0, for the record that contains the sensitive data. For a JSON Lines file, the line index, starting from 0, for the line that contains the sensitive data. This value is always 0 for JSON files.
        public let recordIndex: Int64?

        @inlinable
        public init(jsonPath: String? = nil, recordIndex: Int64? = nil) {
            self.jsonPath = jsonPath
            self.recordIndex = recordIndex
        }

        private enum CodingKeys: String, CodingKey {
            case jsonPath = "jsonPath"
            case recordIndex = "recordIndex"
        }
    }

    public struct ReplicationDetails: AWSDecodableShape {
        /// Specifies whether the bucket is configured to replicate one or more objects to any destination.
        public let replicated: Bool?
        /// Specifies whether the bucket is configured to replicate one or more objects to a bucket for an Amazon Web Services account that isn't part of your Amazon Macie organization. An Amazon Macie organization is a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.
        public let replicatedExternally: Bool?
        /// An array of Amazon Web Services account IDs, one for each Amazon Web Services account that owns a bucket that the bucket is configured to replicate one or more objects to.
        public let replicationAccounts: [String]?

        @inlinable
        public init(replicated: Bool? = nil, replicatedExternally: Bool? = nil, replicationAccounts: [String]? = nil) {
            self.replicated = replicated
            self.replicatedExternally = replicatedExternally
            self.replicationAccounts = replicationAccounts
        }

        private enum CodingKeys: String, CodingKey {
            case replicated = "replicated"
            case replicatedExternally = "replicatedExternally"
            case replicationAccounts = "replicationAccounts"
        }
    }

    public struct ResourceProfileArtifact: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the object.
        public let arn: String?
        /// The status of the analysis. Possible values are: COMPLETE - Amazon Macie successfully completed its analysis of the object. PARTIAL - Macie analyzed only a subset of data in the object. For example, the object is an archive file that contains files in an unsupported format. SKIPPED - Macie wasn't able to analyze the object. For example, the object is a malformed file.
        public let classificationResultStatus: String?
        /// Specifies whether Amazon Macie found sensitive data in the object.
        public let sensitive: Bool?

        @inlinable
        public init(arn: String? = nil, classificationResultStatus: String? = nil, sensitive: Bool? = nil) {
            self.arn = arn
            self.classificationResultStatus = classificationResultStatus
            self.sensitive = sensitive
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case classificationResultStatus = "classificationResultStatus"
            case sensitive = "sensitive"
        }
    }

    public struct ResourceStatistics: AWSDecodableShape {
        /// The total amount of data, in bytes, that Amazon Macie has analyzed in the bucket.
        public let totalBytesClassified: Int64?
        /// The total number of occurrences of sensitive data that Amazon Macie has found in the bucket's objects. This includes occurrences that are currently suppressed by the sensitivity scoring settings for the bucket (totalDetectionsSuppressed).
        public let totalDetections: Int64?
        /// The total number of occurrences of sensitive data that are currently suppressed by the sensitivity scoring settings for the bucket. These represent occurrences of sensitive data that Amazon Macie found in the bucket's objects, but the occurrences were manually suppressed. By default, suppressed occurrences are excluded from the bucket's sensitivity score.
        public let totalDetectionsSuppressed: Int64?
        /// The total number of objects that Amazon Macie has analyzed in the bucket.
        public let totalItemsClassified: Int64?
        /// The total number of the bucket's objects that Amazon Macie has found sensitive data in.
        public let totalItemsSensitive: Int64?
        /// The total number of objects that Amazon Macie wasn't able to analyze in the bucket due to an object-level issue or error. For example, an object is a malformed file. This value includes objects that Macie wasn't able to analyze for reasons reported by other statistics in the ResourceStatistics object.
        public let totalItemsSkipped: Int64?
        /// The total number of objects that Amazon Macie wasn't able to analyze in the bucket because the objects are encrypted with a key that Macie can't access. The objects use server-side encryption with customer-provided keys (SSE-C).
        public let totalItemsSkippedInvalidEncryption: Int64?
        /// The total number of objects that Amazon Macie wasn't able to analyze in the bucket because the objects are encrypted with KMS keys that were disabled, are scheduled for deletion, or were deleted.
        public let totalItemsSkippedInvalidKms: Int64?
        /// The total number of objects that Amazon Macie wasn't able to analyze in the bucket due to the permissions settings for the objects or the permissions settings for the keys that were used to encrypt the objects.
        public let totalItemsSkippedPermissionDenied: Int64?

        @inlinable
        public init(totalBytesClassified: Int64? = nil, totalDetections: Int64? = nil, totalDetectionsSuppressed: Int64? = nil, totalItemsClassified: Int64? = nil, totalItemsSensitive: Int64? = nil, totalItemsSkipped: Int64? = nil, totalItemsSkippedInvalidEncryption: Int64? = nil, totalItemsSkippedInvalidKms: Int64? = nil, totalItemsSkippedPermissionDenied: Int64? = nil) {
            self.totalBytesClassified = totalBytesClassified
            self.totalDetections = totalDetections
            self.totalDetectionsSuppressed = totalDetectionsSuppressed
            self.totalItemsClassified = totalItemsClassified
            self.totalItemsSensitive = totalItemsSensitive
            self.totalItemsSkipped = totalItemsSkipped
            self.totalItemsSkippedInvalidEncryption = totalItemsSkippedInvalidEncryption
            self.totalItemsSkippedInvalidKms = totalItemsSkippedInvalidKms
            self.totalItemsSkippedPermissionDenied = totalItemsSkippedPermissionDenied
        }

        private enum CodingKeys: String, CodingKey {
            case totalBytesClassified = "totalBytesClassified"
            case totalDetections = "totalDetections"
            case totalDetectionsSuppressed = "totalDetectionsSuppressed"
            case totalItemsClassified = "totalItemsClassified"
            case totalItemsSensitive = "totalItemsSensitive"
            case totalItemsSkipped = "totalItemsSkipped"
            case totalItemsSkippedInvalidEncryption = "totalItemsSkippedInvalidEncryption"
            case totalItemsSkippedInvalidKms = "totalItemsSkippedInvalidKms"
            case totalItemsSkippedPermissionDenied = "totalItemsSkippedPermissionDenied"
        }
    }

    public struct ResourcesAffected: AWSDecodableShape {
        /// The details of the S3 bucket that the finding applies to.
        public let s3Bucket: S3Bucket?
        /// The details of the S3 object that the finding applies to.
        public let s3Object: S3Object?

        @inlinable
        public init(s3Bucket: S3Bucket? = nil, s3Object: S3Object? = nil) {
            self.s3Bucket = s3Bucket
            self.s3Object = s3Object
        }

        private enum CodingKeys: String, CodingKey {
            case s3Bucket = "s3Bucket"
            case s3Object = "s3Object"
        }
    }

    public struct RetrievalConfiguration: AWSDecodableShape {
        /// The external ID to specify in the trust policy for the IAM role to assume when retrieving sensitive data from affected S3 objects (roleName). This value is null if the value for retrievalMode is CALLER_CREDENTIALS. This ID is a unique alphanumeric string that Amazon Macie generates automatically after you configure it to assume an IAM role. For a Macie administrator to retrieve sensitive data from an affected S3 object for a member account, the trust policy for the role in the member account must include an sts:ExternalId condition that requires this ID.
        public let externalId: String?
        /// The access method that's used to retrieve sensitive data from affected S3 objects. Valid values are: ASSUME_ROLE, assume an IAM role that is in the affected Amazon Web Services account and delegates access to Amazon Macie (roleName); and, CALLER_CREDENTIALS, use the credentials of the IAM user who requests the sensitive data.
        public let retrievalMode: RetrievalMode?
        /// The name of the IAM role that is in the affected Amazon Web Services account and Amazon Macie is allowed to assume when retrieving sensitive data from affected S3 objects for the account. This value is null if the value for retrievalMode is CALLER_CREDENTIALS.
        public let roleName: String?

        @inlinable
        public init(externalId: String? = nil, retrievalMode: RetrievalMode? = nil, roleName: String? = nil) {
            self.externalId = externalId
            self.retrievalMode = retrievalMode
            self.roleName = roleName
        }

        private enum CodingKeys: String, CodingKey {
            case externalId = "externalId"
            case retrievalMode = "retrievalMode"
            case roleName = "roleName"
        }
    }

    public struct RevealConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// The Amazon Resource Name (ARN), ID, or alias of the KMS key to use to encrypt sensitive data that's retrieved. The key must be an existing, customer managed, symmetric encryption key that's enabled in the same Amazon Web Services Region as the Amazon Macie account. If this value specifies an alias, it must include the following prefix: alias/. If this value specifies a key that's owned by another Amazon Web Services account, it must specify the ARN of the key or the ARN of the key's alias.
        public let kmsKeyId: String?
        /// The status of the configuration for the Amazon Macie account. In a response, possible values are: ENABLED, the configuration is currently enabled for the account; and, DISABLED, the configuration is currently disabled for the account. In a request, valid values are: ENABLED, enable the configuration for the account; and, DISABLED, disable the configuration for the account. If you disable the configuration, you also permanently delete current settings that specify how to access affected S3 objects. If your current access method is ASSUME_ROLE, Macie also deletes the external ID and role name currently specified for the configuration. These settings can't be recovered after they're deleted.
        public let status: RevealStatus?

        @inlinable
        public init(kmsKeyId: String? = nil, status: RevealStatus? = nil) {
            self.kmsKeyId = kmsKeyId
            self.status = status
        }

        public func validate(name: String) throws {
            try self.validate(self.kmsKeyId, name: "kmsKeyId", parent: name, max: 2048)
            try self.validate(self.kmsKeyId, name: "kmsKeyId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case kmsKeyId = "kmsKeyId"
            case status = "status"
        }
    }

    public struct S3Bucket: AWSDecodableShape {
        /// Specifies whether the bucket policy for the bucket requires server-side encryption of objects when objects are added to the bucket. Possible values are: FALSE - The bucket policy requires server-side encryption of new objects. PutObject requests must include a valid server-side encryption header. TRUE - The bucket doesn't have a bucket policy or it has a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, it doesn't require PutObject requests to include a valid server-side encryption header. UNKNOWN - Amazon Macie can't determine whether the bucket policy requires server-side encryption of new objects. Valid server-side encryption headers are: x-amz-server-side-encryption with a value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm with a value of AES256.
        public let allowsUnencryptedObjectUploads: AllowsUnencryptedObjectUploads?
        /// The Amazon Resource Name (ARN) of the bucket.
        public let arn: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the bucket was created. This value can also indicate when changes such as edits to the bucket's policy were most recently made to the bucket, relative to when the finding was created or last updated.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var createdAt: Date?
        /// The default server-side encryption settings for the bucket.
        public let defaultServerSideEncryption: ServerSideEncryption?
        /// The name of the bucket.
        public let name: String?
        /// The display name and canonical user ID for the Amazon Web Services account that owns the bucket.
        public let owner: S3BucketOwner?
        /// The permissions settings that determine whether the bucket is publicly accessible.
        public let publicAccess: BucketPublicAccess?
        /// The tags that are associated with the bucket.
        public let tags: [KeyValuePair]?

        @inlinable
        public init(allowsUnencryptedObjectUploads: AllowsUnencryptedObjectUploads? = nil, arn: String? = nil, createdAt: Date? = nil, defaultServerSideEncryption: ServerSideEncryption? = nil, name: String? = nil, owner: S3BucketOwner? = nil, publicAccess: BucketPublicAccess? = nil, tags: [KeyValuePair]? = nil) {
            self.allowsUnencryptedObjectUploads = allowsUnencryptedObjectUploads
            self.arn = arn
            self.createdAt = createdAt
            self.defaultServerSideEncryption = defaultServerSideEncryption
            self.name = name
            self.owner = owner
            self.publicAccess = publicAccess
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case allowsUnencryptedObjectUploads = "allowsUnencryptedObjectUploads"
            case arn = "arn"
            case createdAt = "createdAt"
            case defaultServerSideEncryption = "defaultServerSideEncryption"
            case name = "name"
            case owner = "owner"
            case publicAccess = "publicAccess"
            case tags = "tags"
        }
    }

    public struct S3BucketCriteriaForJob: AWSEncodableShape & AWSDecodableShape {
        /// The property- and tag-based conditions that determine which buckets to exclude from the job.
        public let excludes: CriteriaBlockForJob?
        /// The property- and tag-based conditions that determine which buckets to include in the job.
        public let includes: CriteriaBlockForJob?

        @inlinable
        public init(excludes: CriteriaBlockForJob? = nil, includes: CriteriaBlockForJob? = nil) {
            self.excludes = excludes
            self.includes = includes
        }

        private enum CodingKeys: String, CodingKey {
            case excludes = "excludes"
            case includes = "includes"
        }
    }

    public struct S3BucketDefinitionForJob: AWSEncodableShape & AWSDecodableShape {
        /// The unique identifier for the Amazon Web Services account that owns the buckets.
        public let accountId: String?
        /// An array that lists the names of the buckets.
        public let buckets: [String]?

        @inlinable
        public init(accountId: String? = nil, buckets: [String]? = nil) {
            self.accountId = accountId
            self.buckets = buckets
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case buckets = "buckets"
        }
    }

    public struct S3BucketOwner: AWSDecodableShape {
        /// The display name of the account that owns the bucket.
        public let displayName: String?
        /// The canonical user ID for the account that owns the bucket.
        public let id: String?

        @inlinable
        public init(displayName: String? = nil, id: String? = nil) {
            self.displayName = displayName
            self.id = id
        }

        private enum CodingKeys: String, CodingKey {
            case displayName = "displayName"
            case id = "id"
        }
    }

    public struct S3ClassificationScope: AWSDecodableShape {
        /// The S3 buckets that are excluded.
        public let excludes: S3ClassificationScopeExclusion?

        @inlinable
        public init(excludes: S3ClassificationScopeExclusion? = nil) {
            self.excludes = excludes
        }

        private enum CodingKeys: String, CodingKey {
            case excludes = "excludes"
        }
    }

    public struct S3ClassificationScopeExclusion: AWSDecodableShape {
        /// An array of strings, one for each S3 bucket that is excluded. Each string is the full name of an excluded bucket.
        public let bucketNames: [String]?

        @inlinable
        public init(bucketNames: [String]? = nil) {
            self.bucketNames = bucketNames
        }

        private enum CodingKeys: String, CodingKey {
            case bucketNames = "bucketNames"
        }
    }

    public struct S3ClassificationScopeExclusionUpdate: AWSEncodableShape {
        /// Depending on the value specified for the update operation (ClassificationScopeUpdateOperation), an array of strings that: lists the names of buckets to add or remove from the list, or specifies a new set of bucket names that overwrites all existing names in the list. Each string must be the full name of an existing S3 bucket. Values are case sensitive.
        public let bucketNames: [String]?
        /// Specifies how to apply the changes to the exclusion list. Valid values are: ADD - Append the specified bucket names to the current list. REMOVE - Remove the specified bucket names from the current list. REPLACE - Overwrite the current list with the specified list of bucket names. If you specify this value, Amazon Macie removes all existing names from the list and adds all the specified names to the list.
        public let operation: ClassificationScopeUpdateOperation?

        @inlinable
        public init(bucketNames: [String]? = nil, operation: ClassificationScopeUpdateOperation? = nil) {
            self.bucketNames = bucketNames
            self.operation = operation
        }

        public func validate(name: String) throws {
            try self.bucketNames?.forEach {
                try validate($0, name: "bucketNames[]", parent: name, pattern: "^[A-Za-z0-9.\\-_]{3,255}$")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case bucketNames = "bucketNames"
            case operation = "operation"
        }
    }

    public struct S3ClassificationScopeUpdate: AWSEncodableShape {
        /// The names of the S3 buckets to add or remove from the list.
        public let excludes: S3ClassificationScopeExclusionUpdate?

        @inlinable
        public init(excludes: S3ClassificationScopeExclusionUpdate? = nil) {
            self.excludes = excludes
        }

        public func validate(name: String) throws {
            try self.excludes?.validate(name: "\(name).excludes")
        }

        private enum CodingKeys: String, CodingKey {
            case excludes = "excludes"
        }
    }

    public struct S3Destination: AWSEncodableShape & AWSDecodableShape {
        /// The name of the bucket. This must be the name of an existing general purpose bucket.
        public let bucketName: String?
        /// The path prefix to use in the path to the location in the bucket. This prefix specifies where to store classification results in the bucket.
        public let keyPrefix: String?
        /// The Amazon Resource Name (ARN) of the customer managed KMS key to use for encryption of the results. This must be the ARN of an existing, symmetric encryption KMS key that's enabled in the same Amazon Web Services Region as the bucket.
        public let kmsKeyArn: String?

        @inlinable
        public init(bucketName: String? = nil, keyPrefix: String? = nil, kmsKeyArn: String? = nil) {
            self.bucketName = bucketName
            self.keyPrefix = keyPrefix
            self.kmsKeyArn = kmsKeyArn
        }

        private enum CodingKeys: String, CodingKey {
            case bucketName = "bucketName"
            case keyPrefix = "keyPrefix"
            case kmsKeyArn = "kmsKeyArn"
        }
    }

    public struct S3JobDefinition: AWSEncodableShape & AWSDecodableShape {
        /// The property- and tag-based conditions that determine which S3 buckets to include or exclude from the analysis. Each time the job runs, the job uses these criteria to determine which buckets contain objects to analyze. A job's definition can contain a bucketCriteria object or a bucketDefinitions array, not both.
        public let bucketCriteria: S3BucketCriteriaForJob?
        /// An array of objects, one for each Amazon Web Services account that owns specific S3 buckets to analyze. Each object specifies the account ID for an account and one or more buckets to analyze for that account. A job's definition can contain a bucketDefinitions array or a bucketCriteria object, not both.
        public let bucketDefinitions: [S3BucketDefinitionForJob]?
        /// The property- and tag-based conditions that determine which S3 objects to include or exclude from the analysis. Each time the job runs, the job uses these criteria to determine which objects to analyze.
        public let scoping: Scoping?

        @inlinable
        public init(bucketCriteria: S3BucketCriteriaForJob? = nil, bucketDefinitions: [S3BucketDefinitionForJob]? = nil, scoping: Scoping? = nil) {
            self.bucketCriteria = bucketCriteria
            self.bucketDefinitions = bucketDefinitions
            self.scoping = scoping
        }

        private enum CodingKeys: String, CodingKey {
            case bucketCriteria = "bucketCriteria"
            case bucketDefinitions = "bucketDefinitions"
            case scoping = "scoping"
        }
    }

    public struct S3Object: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the bucket that contains the object.
        public let bucketArn: String?
        /// The entity tag (ETag) that identifies the affected version of the object. If the object was overwritten or changed after Amazon Macie produced the finding, this value might be different from the current ETag for the object.
        public let eTag: String?
        /// The file name extension of the object. If the object doesn't have a file name extension, this value is "".
        public let `extension`: String?
        /// The full name (key) of the object, including the object's prefix if applicable.
        public let key: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the object was last modified.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var lastModified: Date?
        /// The full path to the affected object, including the name of the affected bucket and the object's name (key).
        public let path: String?
        /// Specifies whether the object is publicly accessible due to the combination of permissions settings that apply to the object.
        public let publicAccess: Bool?
        /// The type of server-side encryption that was used to encrypt the object.
        public let serverSideEncryption: ServerSideEncryption?
        /// The total storage size, in bytes, of the object.
        public let size: Int64?
        /// The storage class of the object.
        public let storageClass: StorageClass?
        /// The tags that are associated with the object.
        public let tags: [KeyValuePair]?
        /// The identifier for the affected version of the object.
        public let versionId: String?

        @inlinable
        public init(bucketArn: String? = nil, eTag: String? = nil, extension: String? = nil, key: String? = nil, lastModified: Date? = nil, path: String? = nil, publicAccess: Bool? = nil, serverSideEncryption: ServerSideEncryption? = nil, size: Int64? = nil, storageClass: StorageClass? = nil, tags: [KeyValuePair]? = nil, versionId: String? = nil) {
            self.bucketArn = bucketArn
            self.eTag = eTag
            self.`extension` = `extension`
            self.key = key
            self.lastModified = lastModified
            self.path = path
            self.publicAccess = publicAccess
            self.serverSideEncryption = serverSideEncryption
            self.size = size
            self.storageClass = storageClass
            self.tags = tags
            self.versionId = versionId
        }

        private enum CodingKeys: String, CodingKey {
            case bucketArn = "bucketArn"
            case eTag = "eTag"
            case `extension` = "extension"
            case key = "key"
            case lastModified = "lastModified"
            case path = "path"
            case publicAccess = "publicAccess"
            case serverSideEncryption = "serverSideEncryption"
            case size = "size"
            case storageClass = "storageClass"
            case tags = "tags"
            case versionId = "versionId"
        }
    }

    public struct S3WordsList: AWSEncodableShape & AWSDecodableShape {
        /// The full name of the S3 bucket that contains the object.
        public let bucketName: String?
        /// The full name (key) of the object.
        public let objectKey: String?

        @inlinable
        public init(bucketName: String? = nil, objectKey: String? = nil) {
            self.bucketName = bucketName
            self.objectKey = objectKey
        }

        public func validate(name: String) throws {
            try self.validate(self.bucketName, name: "bucketName", parent: name, max: 255)
            try self.validate(self.bucketName, name: "bucketName", parent: name, min: 3)
            try self.validate(self.bucketName, name: "bucketName", parent: name, pattern: "^[A-Za-z0-9.\\-_]{3,255}$")
            try self.validate(self.objectKey, name: "objectKey", parent: name, max: 1024)
            try self.validate(self.objectKey, name: "objectKey", parent: name, min: 1)
            try self.validate(self.objectKey, name: "objectKey", parent: name, pattern: "^[\\s\\S]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case bucketName = "bucketName"
            case objectKey = "objectKey"
        }
    }

    public struct Scoping: AWSEncodableShape & AWSDecodableShape {
        /// The property- and tag-based conditions that determine which objects to exclude from the analysis.
        public let excludes: JobScopingBlock?
        /// The property- and tag-based conditions that determine which objects to include in the analysis.
        public let includes: JobScopingBlock?

        @inlinable
        public init(excludes: JobScopingBlock? = nil, includes: JobScopingBlock? = nil) {
            self.excludes = excludes
            self.includes = includes
        }

        private enum CodingKeys: String, CodingKey {
            case excludes = "excludes"
            case includes = "includes"
        }
    }

    public struct SearchResourcesBucketCriteria: AWSEncodableShape {
        /// The property- and tag-based conditions that determine which buckets to exclude from the results.
        public let excludes: SearchResourcesCriteriaBlock?
        /// The property- and tag-based conditions that determine which buckets to include in the results.
        public let includes: SearchResourcesCriteriaBlock?

        @inlinable
        public init(excludes: SearchResourcesCriteriaBlock? = nil, includes: SearchResourcesCriteriaBlock? = nil) {
            self.excludes = excludes
            self.includes = includes
        }

        private enum CodingKeys: String, CodingKey {
            case excludes = "excludes"
            case includes = "includes"
        }
    }

    public struct SearchResourcesCriteria: AWSEncodableShape {
        /// A property-based condition that defines a property, operator, and one or more values for including or excluding resources from the results.
        public let simpleCriterion: SearchResourcesSimpleCriterion?
        /// A tag-based condition that defines an operator and tag keys, tag values, or tag key and value pairs for including or excluding resources from the results.
        public let tagCriterion: SearchResourcesTagCriterion?

        @inlinable
        public init(simpleCriterion: SearchResourcesSimpleCriterion? = nil, tagCriterion: SearchResourcesTagCriterion? = nil) {
            self.simpleCriterion = simpleCriterion
            self.tagCriterion = tagCriterion
        }

        private enum CodingKeys: String, CodingKey {
            case simpleCriterion = "simpleCriterion"
            case tagCriterion = "tagCriterion"
        }
    }

    public struct SearchResourcesCriteriaBlock: AWSEncodableShape {
        /// An array of objects, one for each property- or tag-based condition that includes or excludes resources from the query results. If you specify more than one condition, Amazon Macie uses AND logic to join the conditions.
        public let and: [SearchResourcesCriteria]?

        @inlinable
        public init(and: [SearchResourcesCriteria]? = nil) {
            self.and = and
        }

        private enum CodingKeys: String, CodingKey {
            case and = "and"
        }
    }

    public struct SearchResourcesRequest: AWSEncodableShape {
        /// The filter conditions that determine which S3 buckets to include or exclude from the query results.
        public let bucketCriteria: SearchResourcesBucketCriteria?
        /// The maximum number of items to include in each page of the response. The default value is 50.
        public let maxResults: Int?
        /// The nextToken string that specifies which page of results to return in a paginated response.
        public let nextToken: String?
        /// The criteria to use to sort the results.
        public let sortCriteria: SearchResourcesSortCriteria?

        @inlinable
        public init(bucketCriteria: SearchResourcesBucketCriteria? = nil, maxResults: Int? = nil, nextToken: String? = nil, sortCriteria: SearchResourcesSortCriteria? = nil) {
            self.bucketCriteria = bucketCriteria
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.sortCriteria = sortCriteria
        }

        private enum CodingKeys: String, CodingKey {
            case bucketCriteria = "bucketCriteria"
            case maxResults = "maxResults"
            case nextToken = "nextToken"
            case sortCriteria = "sortCriteria"
        }
    }

    public struct SearchResourcesResponse: AWSDecodableShape {
        /// An array of objects, one for each resource that matches the filter criteria specified in the request.
        public let matchingResources: [MatchingResource]?
        /// The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
        public let nextToken: String?

        @inlinable
        public init(matchingResources: [MatchingResource]? = nil, nextToken: String? = nil) {
            self.matchingResources = matchingResources
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case matchingResources = "matchingResources"
            case nextToken = "nextToken"
        }
    }

    public struct SearchResourcesSimpleCriterion: AWSEncodableShape {
        /// The operator to use in the condition. Valid values are EQ (equals) and NE (not equals).
        public let comparator: SearchResourcesComparator?
        /// The property to use in the condition.
        public let key: SearchResourcesSimpleCriterionKey?
        /// An array that lists one or more values to use in the condition. If you specify multiple values, Amazon Macie uses OR logic to join the values. Valid values for each supported property (key) are: ACCOUNT_ID - A string that represents the unique identifier for the Amazon Web Services account that owns the resource. AUTOMATED_DISCOVERY_MONITORING_STATUS - A string that represents an enumerated value that Macie defines for the BucketMetadata.automatedDiscoveryMonitoringStatus property of an S3 bucket. S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated value that Macie defines for the BucketPublicAccess.effectivePermission property of an S3 bucket. S3_BUCKET_NAME - A string that represents the name of an S3 bucket. S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that Macie defines for the BucketMetadata.sharedAccess property of an S3 bucket. Values are case sensitive. Also, Macie doesn't support use of partial values or wildcard characters in values.
        public let values: [String]?

        @inlinable
        public init(comparator: SearchResourcesComparator? = nil, key: SearchResourcesSimpleCriterionKey? = nil, values: [String]? = nil) {
            self.comparator = comparator
            self.key = key
            self.values = values
        }

        private enum CodingKeys: String, CodingKey {
            case comparator = "comparator"
            case key = "key"
            case values = "values"
        }
    }

    public struct SearchResourcesSortCriteria: AWSEncodableShape {
        /// The property to sort the results by.
        public let attributeName: SearchResourcesSortAttributeName?
        /// The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
        public let orderBy: OrderBy?

        @inlinable
        public init(attributeName: SearchResourcesSortAttributeName? = nil, orderBy: OrderBy? = nil) {
            self.attributeName = attributeName
            self.orderBy = orderBy
        }

        private enum CodingKeys: String, CodingKey {
            case attributeName = "attributeName"
            case orderBy = "orderBy"
        }
    }

    public struct SearchResourcesTagCriterion: AWSEncodableShape {
        /// The operator to use in the condition. Valid values are EQ (equals) and NE (not equals).
        public let comparator: SearchResourcesComparator?
        /// The tag keys, tag values, or tag key and value pairs to use in the condition.
        public let tagValues: [SearchResourcesTagCriterionPair]?

        @inlinable
        public init(comparator: SearchResourcesComparator? = nil, tagValues: [SearchResourcesTagCriterionPair]? = nil) {
            self.comparator = comparator
            self.tagValues = tagValues
        }

        private enum CodingKeys: String, CodingKey {
            case comparator = "comparator"
            case tagValues = "tagValues"
        }
    }

    public struct SearchResourcesTagCriterionPair: AWSEncodableShape {
        /// The value for the tag key to use in the condition.
        public let key: String?
        /// The tag value to use in the condition.
        public let value: String?

        @inlinable
        public init(key: String? = nil, value: String? = nil) {
            self.key = key
            self.value = value
        }

        private enum CodingKeys: String, CodingKey {
            case key = "key"
            case value = "value"
        }
    }

    public struct SecurityHubConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// Specifies whether to publish sensitive data findings to Security Hub. If you set this value to true, Amazon Macie automatically publishes all sensitive data findings that weren't suppressed by a findings filter. The default value is false.
        public let publishClassificationFindings: Bool?
        /// Specifies whether to publish policy findings to Security Hub. If you set this value to true, Amazon Macie automatically publishes all new and updated policy findings that weren't suppressed by a findings filter. The default value is true.
        public let publishPolicyFindings: Bool?

        @inlinable
        public init(publishClassificationFindings: Bool? = nil, publishPolicyFindings: Bool? = nil) {
            self.publishClassificationFindings = publishClassificationFindings
            self.publishPolicyFindings = publishPolicyFindings
        }

        private enum CodingKeys: String, CodingKey {
            case publishClassificationFindings = "publishClassificationFindings"
            case publishPolicyFindings = "publishPolicyFindings"
        }
    }

    public struct SensitiveDataItem: AWSDecodableShape {
        /// The category of sensitive data that was detected. For example: CREDENTIALS, for credentials data such as private keys or Amazon Web Services secret access keys; FINANCIAL_INFORMATION, for financial data such as credit card numbers; or, PERSONAL_INFORMATION, for personal health information, such as health insurance identification numbers, or personally identifiable information, such as passport numbers.
        public let category: SensitiveDataItemCategory?
        /// An array of objects, one for each type of sensitive data that was detected. Each object reports the number of occurrences of a specific type of sensitive data that was detected, and the location of up to 15 of those occurrences.
        public let detections: [DefaultDetection]?
        /// The total number of occurrences of the sensitive data that was detected.
        public let totalCount: Int64?

        @inlinable
        public init(category: SensitiveDataItemCategory? = nil, detections: [DefaultDetection]? = nil, totalCount: Int64? = nil) {
            self.category = category
            self.detections = detections
            self.totalCount = totalCount
        }

        private enum CodingKeys: String, CodingKey {
            case category = "category"
            case detections = "detections"
            case totalCount = "totalCount"
        }
    }

    public struct SensitivityAggregations: AWSDecodableShape {
        /// The total storage size, in bytes, of all the objects that Amazon Macie can analyze in the buckets. These objects use a supported storage class and have a file name extension for a supported file or storage format. If versioning is enabled for any of the buckets, this value is based on the size of the latest version of each applicable object in the buckets. This value doesn't reflect the storage size of all versions of all applicable objects in the buckets.
        public let classifiableSizeInBytes: Int64?
        /// The total number of buckets that are publicly accessible due to a combination of permissions settings for each bucket.
        public let publiclyAccessibleCount: Int64?
        /// The total number of buckets.
        public let totalCount: Int64?
        /// The total storage size, in bytes, of the buckets. If versioning is enabled for any of the buckets, this value is based on the size of the latest version of each object in the buckets. This value doesn't reflect the storage size of all versions of the objects in the buckets.
        public let totalSizeInBytes: Int64?

        @inlinable
        public init(classifiableSizeInBytes: Int64? = nil, publiclyAccessibleCount: Int64? = nil, totalCount: Int64? = nil, totalSizeInBytes: Int64? = nil) {
            self.classifiableSizeInBytes = classifiableSizeInBytes
            self.publiclyAccessibleCount = publiclyAccessibleCount
            self.totalCount = totalCount
            self.totalSizeInBytes = totalSizeInBytes
        }

        private enum CodingKeys: String, CodingKey {
            case classifiableSizeInBytes = "classifiableSizeInBytes"
            case publiclyAccessibleCount = "publiclyAccessibleCount"
            case totalCount = "totalCount"
            case totalSizeInBytes = "totalSizeInBytes"
        }
    }

    public struct SensitivityInspectionTemplateExcludes: AWSEncodableShape & AWSDecodableShape {
        /// An array of unique identifiers, one for each managed data identifier to exclude. To retrieve a list of valid values, use the ListManagedDataIdentifiers operation.
        public let managedDataIdentifierIds: [String]?

        @inlinable
        public init(managedDataIdentifierIds: [String]? = nil) {
            self.managedDataIdentifierIds = managedDataIdentifierIds
        }

        private enum CodingKeys: String, CodingKey {
            case managedDataIdentifierIds = "managedDataIdentifierIds"
        }
    }

    public struct SensitivityInspectionTemplateIncludes: AWSEncodableShape & AWSDecodableShape {
        /// An array of unique identifiers, one for each allow list to include.
        public let allowListIds: [String]?
        /// An array of unique identifiers, one for each custom data identifier to include.
        public let customDataIdentifierIds: [String]?
        /// An array of unique identifiers, one for each managed data identifier to include. Amazon Macie uses these managed data identifiers in addition to managed data identifiers that are subsequently released and recommended for automated sensitive data discovery. To retrieve a list of valid values for the managed data identifiers that are currently available, use the ListManagedDataIdentifiers operation.
        public let managedDataIdentifierIds: [String]?

        @inlinable
        public init(allowListIds: [String]? = nil, customDataIdentifierIds: [String]? = nil, managedDataIdentifierIds: [String]? = nil) {
            self.allowListIds = allowListIds
            self.customDataIdentifierIds = customDataIdentifierIds
            self.managedDataIdentifierIds = managedDataIdentifierIds
        }

        private enum CodingKeys: String, CodingKey {
            case allowListIds = "allowListIds"
            case customDataIdentifierIds = "customDataIdentifierIds"
            case managedDataIdentifierIds = "managedDataIdentifierIds"
        }
    }

    public struct SensitivityInspectionTemplatesEntry: AWSDecodableShape {
        /// The unique identifier for the sensitivity inspection template.
        public let id: String?
        /// The name of the sensitivity inspection template: automated-sensitive-data-discovery.
        public let name: String?

        @inlinable
        public init(id: String? = nil, name: String? = nil) {
            self.id = id
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case id = "id"
            case name = "name"
        }
    }

    public struct ServerSideEncryption: AWSDecodableShape {
        /// The server-side encryption algorithm that's used when storing data in the bucket or object. If default encryption settings aren't configured for the bucket or the object isn't encrypted using server-side encryption, this value is NONE.
        public let encryptionType: EncryptionType?
        /// The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key that's used to encrypt data in the bucket or the object. This value is null if an KMS key isn't used to encrypt the data.
        public let kmsMasterKeyId: String?

        @inlinable
        public init(encryptionType: EncryptionType? = nil, kmsMasterKeyId: String? = nil) {
            self.encryptionType = encryptionType
            self.kmsMasterKeyId = kmsMasterKeyId
        }

        private enum CodingKeys: String, CodingKey {
            case encryptionType = "encryptionType"
            case kmsMasterKeyId = "kmsMasterKeyId"
        }
    }

    public struct ServiceLimit: AWSDecodableShape {
        /// Specifies whether the account has met the quota that corresponds to the metric specified by the UsageByAccount.type field in the response.
        public let isServiceLimited: Bool?
        /// The unit of measurement for the value specified by the value field.
        public let unit: Unit?
        /// The value for the metric specified by the UsageByAccount.type field in the response.
        public let value: Int64?

        @inlinable
        public init(isServiceLimited: Bool? = nil, unit: Unit? = nil, value: Int64? = nil) {
            self.isServiceLimited = isServiceLimited
            self.unit = unit
            self.value = value
        }

        private enum CodingKeys: String, CodingKey {
            case isServiceLimited = "isServiceLimited"
            case unit = "unit"
            case value = "value"
        }
    }

    public struct SessionContext: AWSDecodableShape {
        /// The date and time when the credentials were issued, and whether the credentials were authenticated with a multi-factor authentication (MFA) device.
        public let attributes: SessionContextAttributes?
        /// The source and type of credentials that were issued to the entity.
        public let sessionIssuer: SessionIssuer?

        @inlinable
        public init(attributes: SessionContextAttributes? = nil, sessionIssuer: SessionIssuer? = nil) {
            self.attributes = attributes
            self.sessionIssuer = sessionIssuer
        }

        private enum CodingKeys: String, CodingKey {
            case attributes = "attributes"
            case sessionIssuer = "sessionIssuer"
        }
    }

    public struct SessionContextAttributes: AWSDecodableShape {
        /// The date and time, in UTC and ISO 8601 format, when the credentials were issued.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var creationDate: Date?
        /// Specifies whether the credentials were authenticated with a multi-factor authentication (MFA) device.
        public let mfaAuthenticated: Bool?

        @inlinable
        public init(creationDate: Date? = nil, mfaAuthenticated: Bool? = nil) {
            self.creationDate = creationDate
            self.mfaAuthenticated = mfaAuthenticated
        }

        private enum CodingKeys: String, CodingKey {
            case creationDate = "creationDate"
            case mfaAuthenticated = "mfaAuthenticated"
        }
    }

    public struct SessionIssuer: AWSDecodableShape {
        /// The unique identifier for the Amazon Web Services account that owns the entity that was used to get the credentials.
        public let accountId: String?
        /// The Amazon Resource Name (ARN) of the source account, Identity and Access Management (IAM) user, or role that was used to get the credentials.
        public let arn: String?
        /// The unique identifier for the entity that was used to get the credentials.
        public let principalId: String?
        /// The source of the temporary security credentials, such as Root, IAMUser, or Role.
        public let type: String?
        /// The name or alias of the user or role that issued the session. This value is null if the credentials were obtained from a root account that doesn't have an alias.
        public let userName: String?

        @inlinable
        public init(accountId: String? = nil, arn: String? = nil, principalId: String? = nil, type: String? = nil, userName: String? = nil) {
            self.accountId = accountId
            self.arn = arn
            self.principalId = principalId
            self.type = type
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case arn = "arn"
            case principalId = "principalId"
            case type = "type"
            case userName = "userName"
        }
    }

    public struct Severity: AWSDecodableShape {
        /// The qualitative representation of the finding's severity, ranging from Low (least severe) to High (most severe).
        public let description: SeverityDescription?
        /// The numerical representation of the finding's severity, ranging from 1 (least severe) to 3 (most severe).
        public let score: Int64?

        @inlinable
        public init(description: SeverityDescription? = nil, score: Int64? = nil) {
            self.description = description
            self.score = score
        }

        private enum CodingKeys: String, CodingKey {
            case description = "description"
            case score = "score"
        }
    }

    public struct SeverityLevel: AWSEncodableShape & AWSDecodableShape {
        /// The minimum number of occurrences of text that must match the custom data identifier's detection criteria in order to produce a finding with the specified severity (severity).
        public let occurrencesThreshold: Int64?
        /// The severity to assign to a finding: if the number of occurrences is greater than or equal to the specified threshold (occurrencesThreshold); and, if applicable, the number of occurrences is less than the threshold for the next consecutive severity level for the custom data identifier, moving from LOW to HIGH.
        public let severity: DataIdentifierSeverity?

        @inlinable
        public init(occurrencesThreshold: Int64? = nil, severity: DataIdentifierSeverity? = nil) {
            self.occurrencesThreshold = occurrencesThreshold
            self.severity = severity
        }

        private enum CodingKeys: String, CodingKey {
            case occurrencesThreshold = "occurrencesThreshold"
            case severity = "severity"
        }
    }

    public struct SimpleCriterionForJob: AWSEncodableShape & AWSDecodableShape {
        /// The operator to use in the condition. Valid values are EQ (equals) and NE (not equals).
        public let comparator: JobComparator?
        /// The property to use in the condition.
        public let key: SimpleCriterionKeyForJob?
        /// An array that lists one or more values to use in the condition. If you specify multiple values, Amazon Macie uses OR logic to join the values. Valid values for each supported property (key) are: ACCOUNT_ID - A string that represents the unique identifier for the Amazon Web Services account that owns the bucket. S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated value that Macie defines for the BucketPublicAccess.effectivePermission property of a bucket. S3_BUCKET_NAME - A string that represents the name of a bucket. S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that Macie defines for the BucketMetadata.sharedAccess property of a bucket. Values are case sensitive. Also, Macie doesn't support use of partial values or wildcard characters in these values.
        public let values: [String]?

        @inlinable
        public init(comparator: JobComparator? = nil, key: SimpleCriterionKeyForJob? = nil, values: [String]? = nil) {
            self.comparator = comparator
            self.key = key
            self.values = values
        }

        private enum CodingKeys: String, CodingKey {
            case comparator = "comparator"
            case key = "key"
            case values = "values"
        }
    }

    public struct SimpleScopeTerm: AWSEncodableShape & AWSDecodableShape {
        /// The operator to use in the condition. Valid values for each supported property (key) are: OBJECT_EXTENSION - EQ (equals) or NE (not equals) OBJECT_KEY - STARTS_WITH OBJECT_LAST_MODIFIED_DATE - EQ (equals), GT (greater than), GTE (greater than or equals), LT (less than), LTE (less than or equals), or NE (not equals) OBJECT_SIZE - EQ (equals), GT (greater than), GTE (greater than or equals), LT (less than), LTE (less than or equals), or NE (not equals)
        public let comparator: JobComparator?
        /// The object property to use in the condition.
        public let key: ScopeFilterKey?
        /// An array that lists the values to use in the condition. If the value for the key property is OBJECT_EXTENSION or OBJECT_KEY, this array can specify multiple values and Amazon Macie uses OR logic to join the values. Otherwise, this array can specify only one value. Valid values for each supported property (key) are: OBJECT_EXTENSION - A string that represents the file name extension of an object. For example: docx or pdf OBJECT_KEY - A string that represents the key prefix (folder name or path) of an object. For example: logs or awslogs/eventlogs. This value applies a condition to objects whose keys (names) begin with the specified value. OBJECT_LAST_MODIFIED_DATE - The date and time (in UTC and extended ISO 8601 format) when an object was created or last changed, whichever is latest. For example: 2023-09-24T14:31:13Z OBJECT_SIZE - An integer that represents the storage size (in bytes) of an object. Macie doesn't support use of wildcard characters in these values. Also, string values are case sensitive.
        public let values: [String]?

        @inlinable
        public init(comparator: JobComparator? = nil, key: ScopeFilterKey? = nil, values: [String]? = nil) {
            self.comparator = comparator
            self.key = key
            self.values = values
        }

        private enum CodingKeys: String, CodingKey {
            case comparator = "comparator"
            case key = "key"
            case values = "values"
        }
    }

    public struct SortCriteria: AWSEncodableShape {
        /// The name of the property to sort the results by. Valid values are: count, createdAt, policyDetails.action.apiCallDetails.firstSeen, policyDetails.action.apiCallDetails.lastSeen, resourcesAffected, severity.score, type, and updatedAt.
        public let attributeName: String?
        /// The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
        public let orderBy: OrderBy?

        @inlinable
        public init(attributeName: String? = nil, orderBy: OrderBy? = nil) {
            self.attributeName = attributeName
            self.orderBy = orderBy
        }

        private enum CodingKeys: String, CodingKey {
            case attributeName = "attributeName"
            case orderBy = "orderBy"
        }
    }

    public struct Statistics: AWSDecodableShape {
        /// The approximate number of objects that the job has yet to process during its current run.
        public let approximateNumberOfObjectsToProcess: Double?
        /// The number of times that the job has run.
        public let numberOfRuns: Double?

        @inlinable
        public init(approximateNumberOfObjectsToProcess: Double? = nil, numberOfRuns: Double? = nil) {
            self.approximateNumberOfObjectsToProcess = approximateNumberOfObjectsToProcess
            self.numberOfRuns = numberOfRuns
        }

        private enum CodingKeys: String, CodingKey {
            case approximateNumberOfObjectsToProcess = "approximateNumberOfObjectsToProcess"
            case numberOfRuns = "numberOfRuns"
        }
    }

    public struct SuppressDataIdentifier: AWSEncodableShape {
        /// The unique identifier for the custom data identifier or managed data identifier that detected the type of sensitive data to exclude from the score.
        public let id: String?
        /// The type of data identifier that detected the sensitive data. Possible values are: CUSTOM, for a custom data identifier; and, MANAGED, for a managed data identifier.
        public let type: DataIdentifierType?

        @inlinable
        public init(id: String? = nil, type: DataIdentifierType? = nil) {
            self.id = id
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case id = "id"
            case type = "type"
        }
    }

    public struct TagCriterionForJob: AWSEncodableShape & AWSDecodableShape {
        /// The operator to use in the condition. Valid values are EQ (equals) and NE (not equals).
        public let comparator: JobComparator?
        /// The tag keys, tag values, or tag key and value pairs to use in the condition.
        public let tagValues: [TagCriterionPairForJob]?

        @inlinable
        public init(comparator: JobComparator? = nil, tagValues: [TagCriterionPairForJob]? = nil) {
            self.comparator = comparator
            self.tagValues = tagValues
        }

        private enum CodingKeys: String, CodingKey {
            case comparator = "comparator"
            case tagValues = "tagValues"
        }
    }

    public struct TagCriterionPairForJob: AWSEncodableShape & AWSDecodableShape {
        /// The value for the tag key to use in the condition.
        public let key: String?
        /// The tag value to use in the condition.
        public let value: String?

        @inlinable
        public init(key: String? = nil, value: String? = nil) {
            self.key = key
            self.value = value
        }

        private enum CodingKeys: String, CodingKey {
            case key = "key"
            case value = "value"
        }
    }

    public struct TagResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the resource.
        public let resourceArn: String
        /// A map of key-value pairs that specifies the tags to associate with the resource. A resource can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
        public let tags: [String: String]?

        @inlinable
        public init(resourceArn: String, tags: [String: String]? = nil) {
            self.resourceArn = resourceArn
            self.tags = tags
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.resourceArn, key: "resourceArn")
            try container.encodeIfPresent(self.tags, forKey: .tags)
        }

        private enum CodingKeys: String, CodingKey {
            case tags = "tags"
        }
    }

    public struct TagResourceResponse: AWSDecodableShape {
        public init() {}
    }

    public struct TagScopeTerm: AWSEncodableShape & AWSDecodableShape {
        /// The operator to use in the condition. Valid values are EQ (equals) or NE (not equals).
        public let comparator: JobComparator?
        /// The object property to use in the condition. The only valid value is TAG.
        public let key: String?
        /// The tag keys or tag key and value pairs to use in the condition. To specify only tag keys in a condition, specify the keys in this array and set the value for each associated tag value to an empty string.
        public let tagValues: [TagValuePair]?
        /// The type of object to apply the condition to.
        public let target: TagTarget?

        @inlinable
        public init(comparator: JobComparator? = nil, key: String? = nil, tagValues: [TagValuePair]? = nil, target: TagTarget? = nil) {
            self.comparator = comparator
            self.key = key
            self.tagValues = tagValues
            self.target = target
        }

        private enum CodingKeys: String, CodingKey {
            case comparator = "comparator"
            case key = "key"
            case tagValues = "tagValues"
            case target = "target"
        }
    }

    public struct TagValuePair: AWSEncodableShape & AWSDecodableShape {
        /// The value for the tag key to use in the condition.
        public let key: String?
        /// The tag value, associated with the specified tag key (key), to use in the condition. To specify only a tag key for a condition, specify the tag key for the key property and set this value to an empty string.
        public let value: String?

        @inlinable
        public init(key: String? = nil, value: String? = nil) {
            self.key = key
            self.value = value
        }

        private enum CodingKeys: String, CodingKey {
            case key = "key"
            case value = "value"
        }
    }

    public struct TestCustomDataIdentifierRequest: AWSEncodableShape {
        /// An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression contains any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4-90 UTF-8 characters. Ignore words are case sensitive.
        public let ignoreWords: [String]?
        /// An array that lists specific character sequences (keywords), one of which must precede and be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 3-90 UTF-8 characters. Keywords aren't case sensitive.
        public let keywords: [String]?
        /// The maximum number of characters that can exist between the end of at least one complete character sequence specified by the keywords array and the end of the text that matches the regex pattern. If a complete keyword precedes all the text that matches the pattern and the keyword is within the specified distance, Amazon Macie includes the result. The distance can be 1-300 characters. The default value is 50.
        public let maximumMatchDistance: Int?
        /// The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.
        public let regex: String?
        /// The sample text to inspect by using the custom data identifier. The text can contain as many as 1,000 characters.
        public let sampleText: String?

        @inlinable
        public init(ignoreWords: [String]? = nil, keywords: [String]? = nil, maximumMatchDistance: Int? = nil, regex: String? = nil, sampleText: String? = nil) {
            self.ignoreWords = ignoreWords
            self.keywords = keywords
            self.maximumMatchDistance = maximumMatchDistance
            self.regex = regex
            self.sampleText = sampleText
        }

        private enum CodingKeys: String, CodingKey {
            case ignoreWords = "ignoreWords"
            case keywords = "keywords"
            case maximumMatchDistance = "maximumMatchDistance"
            case regex = "regex"
            case sampleText = "sampleText"
        }
    }

    public struct TestCustomDataIdentifierResponse: AWSDecodableShape {
        /// The number of occurrences of sample text that matched the criteria specified by the custom data identifier.
        public let matchCount: Int?

        @inlinable
        public init(matchCount: Int? = nil) {
            self.matchCount = matchCount
        }

        private enum CodingKeys: String, CodingKey {
            case matchCount = "matchCount"
        }
    }

    public struct UnprocessedAccount: AWSDecodableShape {
        /// The Amazon Web Services account ID for the account that the request applies to.
        public let accountId: String?
        /// The source of the issue or delay in processing the request.
        public let errorCode: ErrorCode?
        /// The reason why the request hasn't been processed.
        public let errorMessage: String?

        @inlinable
        public init(accountId: String? = nil, errorCode: ErrorCode? = nil, errorMessage: String? = nil) {
            self.accountId = accountId
            self.errorCode = errorCode
            self.errorMessage = errorMessage
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case errorCode = "errorCode"
            case errorMessage = "errorMessage"
        }
    }

    public struct UntagResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the resource.
        public let resourceArn: String
        /// One or more tags (keys) to remove from the resource. In an HTTP request to remove multiple tags, append the tagKeys parameter and argument for each tag to remove, separated by an ampersand (&amp;).
        public let tagKeys: [String]?

        @inlinable
        public init(resourceArn: String, tagKeys: [String]? = nil) {
            self.resourceArn = resourceArn
            self.tagKeys = tagKeys
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.resourceArn, key: "resourceArn")
            request.encodeQuery(self.tagKeys, key: "tagKeys")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct UntagResourceResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateAllowListRequest: AWSEncodableShape {
        /// The criteria that specify the text or text pattern to ignore. The criteria can be the location and name of an S3 object that lists specific text to ignore (s3WordsList), or a regular expression that defines a text pattern to ignore (regex). You can change a list's underlying criteria, such as the name of the S3 object or the regular expression to use. However, you can't change the type from s3WordsList to regex or the other way around.
        public let criteria: AllowListCriteria?
        /// A custom description of the allow list. The description can contain as many as 512 characters.
        public let description: String?
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String
        /// A custom name for the allow list. The name can contain as many as 128 characters.
        public let name: String?

        @inlinable
        public init(criteria: AllowListCriteria? = nil, description: String? = nil, id: String, name: String? = nil) {
            self.criteria = criteria
            self.description = description
            self.id = id
            self.name = name
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            try container.encodeIfPresent(self.criteria, forKey: .criteria)
            try container.encodeIfPresent(self.description, forKey: .description)
            request.encodePath(self.id, key: "id")
            try container.encodeIfPresent(self.name, forKey: .name)
        }

        public func validate(name: String) throws {
            try self.criteria?.validate(name: "\(name).criteria")
            try self.validate(self.description, name: "description", parent: name, max: 512)
            try self.validate(self.description, name: "description", parent: name, min: 1)
            try self.validate(self.description, name: "description", parent: name, pattern: "^[\\s\\S]+$")
            try self.validate(self.name, name: "name", parent: name, max: 128)
            try self.validate(self.name, name: "name", parent: name, min: 1)
            try self.validate(self.name, name: "name", parent: name, pattern: "^.+$")
        }

        private enum CodingKeys: String, CodingKey {
            case criteria = "criteria"
            case description = "description"
            case name = "name"
        }
    }

    public struct UpdateAllowListResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the allow list.
        public let arn: String?
        /// The unique identifier for the allow list.
        public let id: String?

        @inlinable
        public init(arn: String? = nil, id: String? = nil) {
            self.arn = arn
            self.id = id
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case id = "id"
        }
    }

    public struct UpdateAutomatedDiscoveryConfigurationRequest: AWSEncodableShape {
        /// Specifies whether to automatically enable automated sensitive data discovery for accounts in the organization. Valid values are: ALL (default), enable it for all existing accounts and new member accounts; NEW, enable it only for new member accounts; and, NONE, don't enable it for any accounts. If you specify NEW or NONE, automated sensitive data discovery continues to be enabled for any existing accounts that it's currently enabled for. To enable or disable it for individual member accounts, specify NEW or NONE, and then enable or disable it for each account by using the BatchUpdateAutomatedDiscoveryAccounts operation.
        public let autoEnableOrganizationMembers: AutoEnableMode?
        /// The new status of automated sensitive data discovery for the organization or account. Valid values are: ENABLED, start or resume all automated sensitive data discovery activities; and, DISABLED, stop performing all automated sensitive data discovery activities. If you specify DISABLED for an administrator account, you also disable automated sensitive data discovery for all member accounts in the organization.
        public let status: AutomatedDiscoveryStatus?

        @inlinable
        public init(autoEnableOrganizationMembers: AutoEnableMode? = nil, status: AutomatedDiscoveryStatus? = nil) {
            self.autoEnableOrganizationMembers = autoEnableOrganizationMembers
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnableOrganizationMembers = "autoEnableOrganizationMembers"
            case status = "status"
        }
    }

    public struct UpdateAutomatedDiscoveryConfigurationResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateClassificationJobRequest: AWSEncodableShape {
        /// The unique identifier for the classification job.
        public let jobId: String
        /// The new status for the job. Valid values are: CANCELLED - Stops the job permanently and cancels it. This value is valid only if the job's current status is IDLE, PAUSED, RUNNING, or USER_PAUSED. If you specify this value and the job's current status is RUNNING, Amazon Macie immediately begins to stop all processing tasks for the job. You can't resume or restart a job after you cancel it. RUNNING - Resumes the job. This value is valid only if the job's current status is USER_PAUSED. If you paused the job while it was actively running and you specify this value less than 30 days after you paused the job, Macie immediately resumes processing from the point where you paused the job. Otherwise, Macie resumes the job according to the schedule and other settings for the job. USER_PAUSED - Pauses the job temporarily. This value is valid only if the job's current status is IDLE, PAUSED, or RUNNING. If you specify this value and the job's current status is RUNNING, Macie immediately begins to pause all processing tasks for the job. If you pause a one-time job and you don't resume it within 30 days, the job expires and Macie cancels the job. If you pause a recurring job when its status is RUNNING and you don't resume it within 30 days, the job run expires and Macie cancels the run. To check the expiration date, refer to the UserPausedDetails.jobExpiresAt property.
        public let jobStatus: JobStatus?

        @inlinable
        public init(jobId: String, jobStatus: JobStatus? = nil) {
            self.jobId = jobId
            self.jobStatus = jobStatus
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.jobId, key: "jobId")
            try container.encodeIfPresent(self.jobStatus, forKey: .jobStatus)
        }

        private enum CodingKeys: String, CodingKey {
            case jobStatus = "jobStatus"
        }
    }

    public struct UpdateClassificationJobResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateClassificationScopeRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String
        /// The S3 buckets to add or remove from the exclusion list defined by the classification scope.
        public let s3: S3ClassificationScopeUpdate?

        @inlinable
        public init(id: String, s3: S3ClassificationScopeUpdate? = nil) {
            self.id = id
            self.s3 = s3
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
            try container.encodeIfPresent(self.s3, forKey: .s3)
        }

        public func validate(name: String) throws {
            try self.s3?.validate(name: "\(name).s3")
        }

        private enum CodingKeys: String, CodingKey {
            case s3 = "s3"
        }
    }

    public struct UpdateClassificationScopeResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateFindingsFilterRequest: AWSEncodableShape {
        /// The action to perform on findings that match the filter criteria (findingCriteria). Valid values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.
        public let action: FindingsFilterAction?
        /// A unique, case-sensitive token that you provide to ensure the idempotency of the request.
        public let clientToken: String?
        /// A custom description of the filter. The description can contain as many as 512 characters. We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users of your account might be able to see this description, depending on the actions that they're allowed to perform in Amazon Macie.
        public let description: String?
        /// The criteria to use to filter findings.
        public let findingCriteria: FindingCriteria?
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String
        /// A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters. We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users of your account might be able to see this name, depending on the actions that they're allowed to perform in Amazon Macie.
        public let name: String?
        /// The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.
        public let position: Int?

        @inlinable
        public init(action: FindingsFilterAction? = nil, clientToken: String? = UpdateFindingsFilterRequest.idempotencyToken(), description: String? = nil, findingCriteria: FindingCriteria? = nil, id: String, name: String? = nil, position: Int? = nil) {
            self.action = action
            self.clientToken = clientToken
            self.description = description
            self.findingCriteria = findingCriteria
            self.id = id
            self.name = name
            self.position = position
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            try container.encodeIfPresent(self.action, forKey: .action)
            try container.encodeIfPresent(self.clientToken, forKey: .clientToken)
            try container.encodeIfPresent(self.description, forKey: .description)
            try container.encodeIfPresent(self.findingCriteria, forKey: .findingCriteria)
            request.encodePath(self.id, key: "id")
            try container.encodeIfPresent(self.name, forKey: .name)
            try container.encodeIfPresent(self.position, forKey: .position)
        }

        private enum CodingKeys: String, CodingKey {
            case action = "action"
            case clientToken = "clientToken"
            case description = "description"
            case findingCriteria = "findingCriteria"
            case name = "name"
            case position = "position"
        }
    }

    public struct UpdateFindingsFilterResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the filter that was updated.
        public let arn: String?
        /// The unique identifier for the filter that was updated.
        public let id: String?

        @inlinable
        public init(arn: String? = nil, id: String? = nil) {
            self.arn = arn
            self.id = id
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case id = "id"
        }
    }

    public struct UpdateMacieSessionRequest: AWSEncodableShape {
        /// Specifies how often to publish updates to policy findings for the account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events).
        public let findingPublishingFrequency: FindingPublishingFrequency?
        /// Specifies a new status for the account. Valid values are: ENABLED, resume all Amazon Macie activities for the account; and, PAUSED, suspend all Macie activities for the account.
        public let status: MacieStatus?

        @inlinable
        public init(findingPublishingFrequency: FindingPublishingFrequency? = nil, status: MacieStatus? = nil) {
            self.findingPublishingFrequency = findingPublishingFrequency
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case findingPublishingFrequency = "findingPublishingFrequency"
            case status = "status"
        }
    }

    public struct UpdateMacieSessionResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateMemberSessionRequest: AWSEncodableShape {
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String
        /// Specifies the new status for the account. Valid values are: ENABLED, resume all Amazon Macie activities for the account; and, PAUSED, suspend all Macie activities for the account.
        public let status: MacieStatus?

        @inlinable
        public init(id: String, status: MacieStatus? = nil) {
            self.id = id
            self.status = status
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.id, key: "id")
            try container.encodeIfPresent(self.status, forKey: .status)
        }

        private enum CodingKeys: String, CodingKey {
            case status = "status"
        }
    }

    public struct UpdateMemberSessionResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateOrganizationConfigurationRequest: AWSEncodableShape {
        /// Specifies whether to enable Amazon Macie automatically for accounts that are added to the organization in Organizations.
        public let autoEnable: Bool?

        @inlinable
        public init(autoEnable: Bool? = nil) {
            self.autoEnable = autoEnable
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnable = "autoEnable"
        }
    }

    public struct UpdateOrganizationConfigurationResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateResourceProfileDetectionsRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the S3 bucket that the request applies to.
        public let resourceArn: String?
        /// An array of objects, one for each custom data identifier or managed data identifier that detected a type of sensitive data to exclude from the bucket's score. To include all sensitive data types in the score, don't specify any values for this array.
        public let suppressDataIdentifiers: [SuppressDataIdentifier]?

        @inlinable
        public init(resourceArn: String? = nil, suppressDataIdentifiers: [SuppressDataIdentifier]? = nil) {
            self.resourceArn = resourceArn
            self.suppressDataIdentifiers = suppressDataIdentifiers
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.resourceArn, key: "resourceArn")
            try container.encodeIfPresent(self.suppressDataIdentifiers, forKey: .suppressDataIdentifiers)
        }

        private enum CodingKeys: String, CodingKey {
            case suppressDataIdentifiers = "suppressDataIdentifiers"
        }
    }

    public struct UpdateResourceProfileDetectionsResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateResourceProfileRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the S3 bucket that the request applies to.
        public let resourceArn: String?
        /// The new sensitivity score for the bucket. Valid values are: 100, assign the maximum score and apply the Sensitive label to the bucket; and, null (empty), assign a score that Amazon Macie calculates automatically after you submit the request.
        public let sensitivityScoreOverride: Int?

        @inlinable
        public init(resourceArn: String? = nil, sensitivityScoreOverride: Int? = nil) {
            self.resourceArn = resourceArn
            self.sensitivityScoreOverride = sensitivityScoreOverride
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.resourceArn, key: "resourceArn")
            try container.encodeIfPresent(self.sensitivityScoreOverride, forKey: .sensitivityScoreOverride)
        }

        private enum CodingKeys: String, CodingKey {
            case sensitivityScoreOverride = "sensitivityScoreOverride"
        }
    }

    public struct UpdateResourceProfileResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateRetrievalConfiguration: AWSEncodableShape {
        /// The access method to use when retrieving sensitive data from affected S3 objects. Valid values are: ASSUME_ROLE, assume an IAM role that is in the affected Amazon Web Services account and delegates access to Amazon Macie; and, CALLER_CREDENTIALS, use the credentials of the IAM user who requests the sensitive data. If you specify ASSUME_ROLE, also specify the name of an existing IAM role for Macie to assume (roleName). If you change this value from ASSUME_ROLE to CALLER_CREDENTIALS for an existing configuration, Macie permanently deletes the external ID and role name currently specified for the configuration. These settings can't be recovered after they're deleted.
        public let retrievalMode: RetrievalMode?
        /// The name of the IAM role that is in the affected Amazon Web Services account and Amazon Macie is allowed to assume when retrieving sensitive data from affected S3 objects for the account. The trust and permissions policies for the role must meet all requirements for Macie to assume the role.
        public let roleName: String?

        @inlinable
        public init(retrievalMode: RetrievalMode? = nil, roleName: String? = nil) {
            self.retrievalMode = retrievalMode
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case retrievalMode = "retrievalMode"
            case roleName = "roleName"
        }
    }

    public struct UpdateRevealConfigurationRequest: AWSEncodableShape {
        /// The KMS key to use to encrypt the sensitive data, and the status of the configuration for the Amazon Macie account.
        public let configuration: RevealConfiguration?
        /// The access method and settings to use when retrieving the sensitive data.
        public let retrievalConfiguration: UpdateRetrievalConfiguration?

        @inlinable
        public init(configuration: RevealConfiguration? = nil, retrievalConfiguration: UpdateRetrievalConfiguration? = nil) {
            self.configuration = configuration
            self.retrievalConfiguration = retrievalConfiguration
        }

        public func validate(name: String) throws {
            try self.configuration?.validate(name: "\(name).configuration")
            try self.retrievalConfiguration?.validate(name: "\(name).retrievalConfiguration")
        }

        private enum CodingKeys: String, CodingKey {
            case configuration = "configuration"
            case retrievalConfiguration = "retrievalConfiguration"
        }
    }

    public struct UpdateRevealConfigurationResponse: AWSDecodableShape {
        /// The KMS key to use to encrypt the sensitive data, and the status of the configuration for the Amazon Macie account.
        public let configuration: RevealConfiguration?
        /// The access method and settings to use when retrieving the sensitive data.
        public let retrievalConfiguration: RetrievalConfiguration?

        @inlinable
        public init(configuration: RevealConfiguration? = nil, retrievalConfiguration: RetrievalConfiguration? = nil) {
            self.configuration = configuration
            self.retrievalConfiguration = retrievalConfiguration
        }

        private enum CodingKeys: String, CodingKey {
            case configuration = "configuration"
            case retrievalConfiguration = "retrievalConfiguration"
        }
    }

    public struct UpdateSensitivityInspectionTemplateRequest: AWSEncodableShape {
        /// A custom description of the template. The description can contain as many as 200 characters.
        public let description: String?
        /// The managed data identifiers to explicitly exclude (not use) when performing automated sensitive data discovery. To exclude an allow list or custom data identifier that's currently included by the template, update the values for the SensitivityInspectionTemplateIncludes.allowListIds and SensitivityInspectionTemplateIncludes.customDataIdentifierIds properties, respectively.
        public let excludes: SensitivityInspectionTemplateExcludes?
        /// The unique identifier for the Amazon Macie resource that the request applies to.
        public let id: String
        /// The allow lists, custom data identifiers, and managed data identifiers to explicitly include (use) when performing automated sensitive data discovery.
        public let includes: SensitivityInspectionTemplateIncludes?

        @inlinable
        public init(description: String? = nil, excludes: SensitivityInspectionTemplateExcludes? = nil, id: String, includes: SensitivityInspectionTemplateIncludes? = nil) {
            self.description = description
            self.excludes = excludes
            self.id = id
            self.includes = includes
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            try container.encodeIfPresent(self.description, forKey: .description)
            try container.encodeIfPresent(self.excludes, forKey: .excludes)
            request.encodePath(self.id, key: "id")
            try container.encodeIfPresent(self.includes, forKey: .includes)
        }

        private enum CodingKeys: String, CodingKey {
            case description = "description"
            case excludes = "excludes"
            case includes = "includes"
        }
    }

    public struct UpdateSensitivityInspectionTemplateResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UsageByAccount: AWSDecodableShape {
        /// The type of currency that the value for the metric (estimatedCost) is reported in.
        public let currency: Currency?
        /// The estimated value for the metric.
        public let estimatedCost: String?
        /// The current value for the quota that corresponds to the metric specified by the type field.
        public let serviceLimit: ServiceLimit?
        /// The name of the metric. Possible values are: AUTOMATED_OBJECT_MONITORING, to monitor S3 objects for automated sensitive data discovery; AUTOMATED_SENSITIVE_DATA_DISCOVERY, to analyze S3 objects for automated sensitive data discovery; DATA_INVENTORY_EVALUATION, to monitor S3 buckets; and, SENSITIVE_DATA_DISCOVERY, to run classification jobs.
        public let type: UsageType?

        @inlinable
        public init(currency: Currency? = nil, estimatedCost: String? = nil, serviceLimit: ServiceLimit? = nil, type: UsageType? = nil) {
            self.currency = currency
            self.estimatedCost = estimatedCost
            self.serviceLimit = serviceLimit
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case currency = "currency"
            case estimatedCost = "estimatedCost"
            case serviceLimit = "serviceLimit"
            case type = "type"
        }
    }

    public struct UsageRecord: AWSDecodableShape {
        /// The unique identifier for the Amazon Web Services account that the data applies to.
        public let accountId: String?
        /// The date and time, in UTC and extended ISO 8601 format, when the free trial of automated sensitive data discovery started for the account. This value is null if automated sensitive data discovery hasn't been enabled for the account.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var automatedDiscoveryFreeTrialStartDate: Date?
        /// The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie free trial started for the account.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var freeTrialStartDate: Date?
        /// An array of objects that contains usage data and quotas for the account. Each object contains the data for a specific usage metric and the corresponding quota.
        public let usage: [UsageByAccount]?

        @inlinable
        public init(accountId: String? = nil, automatedDiscoveryFreeTrialStartDate: Date? = nil, freeTrialStartDate: Date? = nil, usage: [UsageByAccount]? = nil) {
            self.accountId = accountId
            self.automatedDiscoveryFreeTrialStartDate = automatedDiscoveryFreeTrialStartDate
            self.freeTrialStartDate = freeTrialStartDate
            self.usage = usage
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case automatedDiscoveryFreeTrialStartDate = "automatedDiscoveryFreeTrialStartDate"
            case freeTrialStartDate = "freeTrialStartDate"
            case usage = "usage"
        }
    }

    public struct UsageStatisticsFilter: AWSEncodableShape {
        /// The operator to use in the condition. If the value for the key property is accountId, this value must be CONTAINS. If the value for the key property is any other supported field, this value can be EQ, GT, GTE, LT, LTE, or NE.
        public let comparator: UsageStatisticsFilterComparator?
        /// The field to use in the condition.
        public let key: UsageStatisticsFilterKey?
        /// An array that lists values to use in the condition, based on the value for the field specified by the key property. If the value for the key property is accountId, this array can specify multiple values. Otherwise, this array can specify only one value. Valid values for each supported field are: accountId - The unique identifier for an Amazon Web Services account. freeTrialStartDate - The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie free trial started for an account. serviceLimit - A Boolean (true or false) value that indicates whether an account has reached its monthly quota. total - A string that represents the current estimated cost for an account.
        public let values: [String]?

        @inlinable
        public init(comparator: UsageStatisticsFilterComparator? = nil, key: UsageStatisticsFilterKey? = nil, values: [String]? = nil) {
            self.comparator = comparator
            self.key = key
            self.values = values
        }

        private enum CodingKeys: String, CodingKey {
            case comparator = "comparator"
            case key = "key"
            case values = "values"
        }
    }

    public struct UsageStatisticsSortBy: AWSEncodableShape {
        /// The field to sort the results by.
        public let key: UsageStatisticsSortKey?
        /// The sort order to apply to the results, based on the value for the field specified by the key property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
        public let orderBy: OrderBy?

        @inlinable
        public init(key: UsageStatisticsSortKey? = nil, orderBy: OrderBy? = nil) {
            self.key = key
            self.orderBy = orderBy
        }

        private enum CodingKeys: String, CodingKey {
            case key = "key"
            case orderBy = "orderBy"
        }
    }

    public struct UsageTotal: AWSDecodableShape {
        /// The type of currency that the value for the metric (estimatedCost) is reported in.
        public let currency: Currency?
        /// The estimated value for the metric.
        public let estimatedCost: String?
        /// The name of the metric. Possible values are: AUTOMATED_OBJECT_MONITORING, to monitor S3 objects for automated sensitive data discovery; AUTOMATED_SENSITIVE_DATA_DISCOVERY, to analyze S3 objects for automated sensitive data discovery; DATA_INVENTORY_EVALUATION, to monitor S3 buckets; and, SENSITIVE_DATA_DISCOVERY, to run classification jobs.
        public let type: UsageType?

        @inlinable
        public init(currency: Currency? = nil, estimatedCost: String? = nil, type: UsageType? = nil) {
            self.currency = currency
            self.estimatedCost = estimatedCost
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case currency = "currency"
            case estimatedCost = "estimatedCost"
            case type = "type"
        }
    }

    public struct UserIdentity: AWSDecodableShape {
        /// If the action was performed with temporary security credentials that were obtained using the AssumeRole operation of the Security Token Service (STS) API, the identifiers, session context, and other details about the identity.
        public let assumedRole: AssumedRole?
        /// If the action was performed using the credentials for another Amazon Web Services account, the details of that account.
        public let awsAccount: AwsAccount?
        /// If the action was performed by an Amazon Web Services account that belongs to an Amazon Web Services service, the name of the service.
        public let awsService: AwsService?
        /// If the action was performed with temporary security credentials that were obtained using the GetFederationToken operation of the Security Token Service (STS) API, the identifiers, session context, and other details about the identity.
        public let federatedUser: FederatedUser?
        /// If the action was performed using the credentials for an Identity and Access Management (IAM) user, the name and other details about the user.
        public let iamUser: IamUser?
        /// If the action was performed using the credentials for your Amazon Web Services account, the details of your account.
        public let root: UserIdentityRoot?
        /// The type of entity that performed the action.
        public let type: UserIdentityType?

        @inlinable
        public init(assumedRole: AssumedRole? = nil, awsAccount: AwsAccount? = nil, awsService: AwsService? = nil, federatedUser: FederatedUser? = nil, iamUser: IamUser? = nil, root: UserIdentityRoot? = nil, type: UserIdentityType? = nil) {
            self.assumedRole = assumedRole
            self.awsAccount = awsAccount
            self.awsService = awsService
            self.federatedUser = federatedUser
            self.iamUser = iamUser
            self.root = root
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case assumedRole = "assumedRole"
            case awsAccount = "awsAccount"
            case awsService = "awsService"
            case federatedUser = "federatedUser"
            case iamUser = "iamUser"
            case root = "root"
            case type = "type"
        }
    }

    public struct UserIdentityRoot: AWSDecodableShape {
        /// The unique identifier for the Amazon Web Services account.
        public let accountId: String?
        /// The Amazon Resource Name (ARN) of the principal that performed the action. The last section of the ARN contains the name of the user or role that performed the action.
        public let arn: String?
        /// The unique identifier for the entity that performed the action.
        public let principalId: String?

        @inlinable
        public init(accountId: String? = nil, arn: String? = nil, principalId: String? = nil) {
            self.accountId = accountId
            self.arn = arn
            self.principalId = principalId
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
            case arn = "arn"
            case principalId = "principalId"
        }
    }

    public struct UserPausedDetails: AWSDecodableShape {
        /// The date and time, in UTC and extended ISO 8601 format, when the job or job run will expire and be cancelled if you don't resume it first.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var jobExpiresAt: Date?
        /// The Amazon Resource Name (ARN) of the Health event that Amazon Macie sent to notify you of the job or job run's pending expiration and cancellation. This value is null if a job has been paused for less than 23 days.
        public let jobImminentExpirationHealthEventArn: String?
        /// The date and time, in UTC and extended ISO 8601 format, when you paused the job.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var jobPausedAt: Date?

        @inlinable
        public init(jobExpiresAt: Date? = nil, jobImminentExpirationHealthEventArn: String? = nil, jobPausedAt: Date? = nil) {
            self.jobExpiresAt = jobExpiresAt
            self.jobImminentExpirationHealthEventArn = jobImminentExpirationHealthEventArn
            self.jobPausedAt = jobPausedAt
        }

        private enum CodingKeys: String, CodingKey {
            case jobExpiresAt = "jobExpiresAt"
            case jobImminentExpirationHealthEventArn = "jobImminentExpirationHealthEventArn"
            case jobPausedAt = "jobPausedAt"
        }
    }

    public struct WeeklySchedule: AWSEncodableShape & AWSDecodableShape {
        /// The day of the week when Amazon Macie runs the job.
        public let dayOfWeek: DayOfWeek?

        @inlinable
        public init(dayOfWeek: DayOfWeek? = nil) {
            self.dayOfWeek = dayOfWeek
        }

        private enum CodingKeys: String, CodingKey {
            case dayOfWeek = "dayOfWeek"
        }
    }
}

// MARK: - Errors

/// Error enum for Macie2
public struct Macie2ErrorType: AWSErrorType {
    enum Code: String {
        case accessDeniedException = "AccessDeniedException"
        case conflictException = "ConflictException"
        case internalServerException = "InternalServerException"
        case resourceNotFoundException = "ResourceNotFoundException"
        case serviceQuotaExceededException = "ServiceQuotaExceededException"
        case throttlingException = "ThrottlingException"
        case unprocessableEntityException = "UnprocessableEntityException"
        case validationException = "ValidationException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize Macie2
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// Provides information about an error that occurred due to insufficient access to a specified resource.
    public static var accessDeniedException: Self { .init(.accessDeniedException) }
    /// Provides information about an error that occurred due to a versioning conflict for a specified resource.
    public static var conflictException: Self { .init(.conflictException) }
    /// Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
    public static var internalServerException: Self { .init(.internalServerException) }
    /// Provides information about an error that occurred because a specified resource wasn't found.
    public static var resourceNotFoundException: Self { .init(.resourceNotFoundException) }
    /// Provides information about an error that occurred due to one or more service quotas for an account.
    public static var serviceQuotaExceededException: Self { .init(.serviceQuotaExceededException) }
    /// Provides information about an error that occurred because too many requests were sent during a certain amount of time.
    public static var throttlingException: Self { .init(.throttlingException) }
    /// Provides information about an error that occurred due to an unprocessable entity.
    public static var unprocessableEntityException: Self { .init(.unprocessableEntityException) }
    /// Provides information about an error that occurred due to a syntax error in a request.
    public static var validationException: Self { .init(.validationException) }
}

extension Macie2ErrorType: Equatable {
    public static func == (lhs: Macie2ErrorType, rhs: Macie2ErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension Macie2ErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
